Are You Prepared for the Cloud? Nick Kael Principal Security Strategist Symantec

Similar documents
Security Issues in Cloud Computing

Cloud Computing Security Issues

SECURITY MODELS FOR CLOUD Kurtis E. Minder, CISSP

Cloud Services Overview

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Public, Private, Hybrid:

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Cloud Courses Description

Consumption IT. Michael Shepherd Business Development Manager. Cisco Public Sector May 1 st 2014

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH Agenda. Security Cases What is Cloud? Road Map Security Concerns

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011

Fundamental Concepts and Models

Cloud Computing: Background, Risks and Audit Recommendations

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Introductions. KPMG Presenters: Jay Schulman - Managing Director, Advisory - KPMG National Leader Identity and Access Management

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

<Insert Picture Here> Enterprise Cloud Computing: What, Why and How

Avnet's Guide to Cloud Computing

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Perspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory

Architecting the Cloud

Validating Enterprise Systems: A Practical Guide

PROTECTED CLOUDS: Symantec solutions for consuming, building, or extending into the cloud

INTRODUCING CLOUD POWER

CHAPTER 8 CLOUD COMPUTING

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

Private Cloud 201 How to Build a Private Cloud

Confidence in the Cloud Five Ways to Capitalize with Symantec

OWASP Chapter Meeting June Presented by: Brayton Rider, SecureState Chief Architect

Meeting the Needs of the Changing Enterprise

White Paper on CLOUD COMPUTING

Oracle Cloud Computing Strategy

Cloud Courses Description

Course 20533B: Implementing Microsoft Azure Infrastructure Solutions

Assessing Risks in the Cloud

What Cloud computing means in real life

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Oracle: Private Platform as a Service from Oracle

Clo l ud d C ompu p tin i g

SAP HANA Cloud Platform. Technical Overview Uwe Heinz

Course 20533: Implementing Microsoft Azure Infrastructure Solutions

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY

Trust but Verify. Vincent Campitelli. VP IT Risk Management

Cloud Computing: What IT Professionals Need to Know

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

NIST Cloud Computing Reference Architecture

Build and Manage Private and Hybrid Cloud. Urban Järund, Sr Regional Services Manager Nordics, Red Hat

NIST Cloud Computing Reference Architecture & Taxonomy Working Group

> Solution Overview COGNIZANT CLOUD STEPS TRANSFORMATION FRAMEWORK THE PATH TO GROWTH

OIT Cloud Strategy 2011 Enabling Technology Solutions Efficiently, Effectively, and Elegantly

Cloud Glossary. A Guide to Commonly Used Terms in Cloud Computing

Competitive Comparison Between Microsoft and VMware Cloud Computing Solutions

Hadoop in the Hybrid Cloud

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015

Managed Cloud Services

Marco Mantegazza WebSphere Client Technical Professional Team IBM Software Group. Virtualization and Cloud

Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led

Dell Cloud Solutions. The simplest path to your cloud. Marian Kovacik. Solution Engineer

Cloud Security Alliance: Industry Efforts to Secure Cloud Computing

Cloud Security Introduction and Overview

Implementing Microsoft Azure Infrastructure Solutions

Service Orchestration

Moving beyond Virtualization as you make your Cloud journey. David Angradi

Key Considerations of Regulatory Compliance in the Public Cloud

TOP 7 THINGS Every Executive Should Know About Cloud Computing EXECUTIVE BRIEF

Managing Cloud Computing Risk

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Orchestrating the New Paradigm Cloud Assurance

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.

HP OpenStack & Automation

OVERVIEW Cloud Deployment Services

How To Compare Cloud Computing To Cloud Platforms And Cloud Computing

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

PRIVATE CLOUD SECURITY CHALLENGES, AFFORDABILITY AND ANSWER TO A RELIABLE AND MODERNIZED MULTI-BIOMETRICS IDENTIFICATION SOLUTIONS

Visions of Clouds and Cloud Security. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

Planning, Provisioning and Deploying Enterprise Clouds with Oracle Enterprise Manager 12c Kevin Patterson, Principal Sales Consultant, Enterprise

Cloud Computing Landscape: The Importance Of Standards

Cloud Computing; What is it, How long has it been here, and Where is it going?

Copyright 2015 EMC Corporation. All rights reserved. 1

Cloud Computing Security Considerations

Where in the Cloud are You? Session Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle)

Harnessing the Power of the Microsoft Cloud for Deep Data Analytics

CA Automation Suite for Data Centers

Proactively Secure Your Cloud Computing Platform


Cloud Computing Technology

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit

Transcription:

Are You Prepared for the Cloud? Nick Kael Principal Security Strategist Symantec

What is Cloud Computing? Cloud Computing refers to the delivery of software (SaaS), infrastructure (IaaS), and/or platform (PaaS) as a service. Service Characteristics: Broad Network Access, Rapid Elasticity, Measured Service, On-Demand Self-Service, Resource Pooling. Adaptive and Consumption-based: Can be rapidly orchestrated, provisioned, implemented and decommissioned, and scaled up or down; providing for an on-demand utility-like model of allocation and consumption. Can be provided privately or publicly, internally (on premises) or externally (off-premises) or a hybrid of the two

Essential Characteristics On Demand Self Service Broad Network Access Resource Pooling Rapid Elasticity Measured Service Service Models Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Deployment Models Public Private Community Hybrid NIST Visual Model of Cloud Computing Definition

Cause for Concern IDC Enterprise Survey on the Cloud 74% of people regarded security as a significant or very significant challenge in adopting cloud-based applications 2010 Ponemon Institute report Most U.S. organizations lack the procedures, policies, and tools to ensure their sensitive information in the cloud remains secure. Despite security concerns and the expected growth in cloud computing, only 27 percent of respondents said their organizations have procedures for approving cloud applications that use sensitive or confidential information.

Employees Connect In A Whole New Way Edits Downloads Uploads Checks Updates Completes ROI Facebook models the lead status on company salesforce.com. Updates a expense report in status new latest product with his presentation to say big demo team on meeting group from Concur. Office YouTube. SharePoint. today! page. Live. Posts link on his Facebook profile.

Technology Trends: Information Increasingly Independent of Systems Technology Trends New Computing Models Cloud Virtualization SaaS Search Appliance System-Centric Secure and manage systems (i.e. hardware, applications) New Endpoint Devices Netbooks Mobile devices New User Demands Consumerization of IT Social networking Information-Centric Secure and manage information New Spending Focus Decapitalization of IT Flexible spending options

What does that mean for IT Security? YIKES! Internal IT Outsourcer DSP/ISP Streamed Salesforce.com SuccessFactors Gmail FaceBook SPN Back-up & & POS MRP CRM Xbox Work PC Home PC PDA Mobile Phone Other Endpoints Security Security Security Security Security

Next Generation IT Evolving Toward Information- Centric Computational Architectures Governance, Risk, and Compliance Workflow/ automation Proprietary cloud & & Information-Centric Security ID Management & Authentication Key Management & Encryption Access Control & Rights Mgmt classification Discovery Loss Prevention Endpoint Management Cloud-Based Infrastructure Hyper-scalable Ultra-high availability Virtualized Application and Mash-ups Management and Protection Information Access & Mgmt Archiving Storage and Backup Disaster Recovery Work PC Home PC PDA Mobile Phone Other Endpoints Endpoint Virtualization Security Security Security Security Security

Cloud Paradigms Center on Interfaces: Solutions Needed on Both Sides User Endpoint Service Service Infrastructure Security endpoint, DLP, IPS Access control (assessment against policy, attestation of compliance, remediation) Endpoint management, virtualization, and provisioning Reputation/trust each side must attest and assess credentials of the other (identity) Virtualization and abstractions endpoint, storage, data/backup availability and service mobility and availability clustering, backup, and portability of services/applications

Interfacing with the Cloud Internal on-premises External Services Business / Process Information & Procedures centric Security & Protection Business Process-a-a-S / Middleware Software-a-a-S OS / VM s Platform -a-a-s Infrastructure Infrastructure/Platform -a-a-s Technology provider IT Mgmt As A Svc Infrastructure mgmt Resource mgmt Incident mgmt Business continuity IT Management Technology/solution provider Infrastructure mgmt Resource mgmt Incident mgmt Business continuity Security mgmt Security mgmt Hetrogeneous On-Premise to Provider and back to Compliance mgmt Enterprise IT Management Solutions Compliance mgmt Customer IT Operations Provider IT Operations (orchestration)

Approach Cloud computing challenges surround its interfaces Security attestation, identity, authentication, policy measurement and remediation, antimalware, data leakage prevention Availability backup, storage management, H/A failover, application level granular measurement and migration, orchestration Endpoint management Building OnRamps to the Cloud Build internal models to understand requirements and issues and to provide transition path Gain benefits of cloud computing attributes with existing architectures Infrastructure mgmt Resource mgmt Incident mgmt Business continuity Infrastructure mgmt Resource mgmt Incident mgmt Business continuity Security mgmt Hetrogeneous On-Premise to Provider and back Security mgmt Compliance mgmt to Enterprise IT Management Solutions Compliance mgmt Customer IT Operations Business / Process Information & Procedures centric Security & Protection Business Process-a-a-S / Middleware OS / VM s Infrastructure Platform -a-a-s Infrastructure/Platform Infrastructure -a-a-s Technology provider IT Management Technology/solution provider Software-a-a-S IT Mg mt As A Svc Provider IT Operations (orchestration)

Moving to the Cloud Things to consider as you move to the Cloud Identify the Asset for Cloud Deployment? Application/Functions or Processes Evaluate the asset to be moved to the cloud based on Risk/impact to your business. How would we be harmed if. Map that asset to the possible Cloud deployment models? Public Private Community Hybrid Evaluate the Cloud Models and Possible Service Providers Map Potential Flows

Moving to the Cloud Things to consider as you move to the Cloud Mapping the Cloud Model to the Security Controls and Compliance Model Areas of critical focus: Governance Governance & Enterprise Risk Management Legal and Electronic Discovery Compliance & Audit Information Lifecycle Portability & Interoperability Operational Traditional Security, Business Continuity, Disaster Recovery Center Operations Incident Response, Notification and remediation Application Security Encryption & Key Management Identity & Access Management Virtualization Credit : Cloud Security Alliance

Secure Cloud Enablement How does your enterprise enable secure Cloud? Leverage existing capabilities to enable a Cloud Ready enterprise What is the critical information to protect? Where is this data? How will it be used? Does the critical information have the right level of control? How will heterogeneous access and broad network connectivity be controlled? How will security and performance be managed in a highly virtualized environment? How can automation be used to abstract services from the infrastructure that provides them?

Sources NIST Cloud Security Alliance- CCSK Certification

Thank You! Nick L. Kael Principal Security Strategist Symantec Security Business Practice nick_kael@symantec.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information