Mitigating Information Security Risks of Cloud Computin

Similar documents
<Insert Picture Here> Enterprise Cloud Computing: What, Why and How

Oracle Product Development - Cloud Computing Review

Oracle: Private Platform as a Service from Oracle

<Insert Picture Here> Enterprise Cloud Computing: What, Why and How

Oracle Platform Security Services & Authorization Policy Manager. Vinay Shukla July 2010

<Insert Picture Here> Cloud Computing Strategy

<Insert Picture Here> Infrastructure as a Service (IaaS) Cloud Computing for Enterprises

Oracle Cloud Computing Strategy

Complete Database Security. Thomas Kyte

<Insert Picture Here> Oracle Database Security Overview

Balancing Security Investment Against Today's Threat Environment

Oracle Database Security

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

Oracle Reference Architecture and Oracle Cloud

<Insert Picture Here> Oracle Cloud Computing Strategy

Protecting Sensitive Data Reducing Risk with Oracle Database Security

Oracle Cloud Strategy. Sudip Datta Vice President of Product Management

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

<Insert Picture Here> Enabling Cloud Deployments with Oracle Virtualization

<Insert Picture Here> Achieving Business & Government Interoperability through PaaS & SaaS

<Insert Picture Here> Cloud Archive Trends and Challenges PASIG Winter 2012

The Safe Harbor. 1 Copyright 2013, Oracle and/or its affiliates. All rights reserved.

<Insert Picture Here> Hardware and Software engineered to work together l'offerta Oracle nell'era del cloud computing

Oracle Identity Management Securing The New Digital Experience

Oracle Fusion Middleware 11g Release 1 IDM Suite

Cloud Security/Access Control and Identity Management. Patrick McLaughlin, Oracle Fellow SAOUG: 14 November, 2011

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Oracle s Cloud Computing Strategy

Build your public cloud strategy with Oracle IaaS and Oracle PaaS

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Governance, Risk & Compliance for Public Sector

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

<Insert Picture Here> PCI DSS-Payment Card Industry. Security Summit Master Principal Sales Consultant - Alfredo Valenza - Oracle Italia

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Oracle s Cloud Computing Strategy

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

Data Security: Strategy and Tactics for Success

Oracle IDM Integration with E-Business Suite & Middleware Technologies

Konsolidacija podatkov v oblaku znotraj organizacije

HOL9449 Access Management: Secure web, mobile and cloud access

Securing Data in Oracle Database 12c

Oracle Privileged Account Manager 11gR2. Karsten Müller-Corbach

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1

Security Issues in Cloud Computing

Oracle Database Security. Paul Needham Senior Director, Product Management Database Security

OPENIAM ACCESS MANAGER. Web Access Management made Easy

Monitoring, Managing and Supporting Enterprise Clouds with Oracle Enterprise Manager 12c Name, Title Oracle

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

<Insert Picture Here> Architekturen, Bausteine und Konzepte für Private Clouds Detlef Drewanz EMEA Server Principal Sales Consultant

Oracle Identity Manager (OIM) as Enterprise Security Platform - A Real World Implementation Approach for Success

Security It s an ecosystem thing

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions

Groot, Groter, Groots(t)

The benefits and implications of the Cloud and Software as a Service (SaaS) for the Location Services Market. John Caulfield Solutions Director

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management

Securing the Cloud through Comprehensive Identity Management Solution

How To Manage Your It From A Business Perspective

Planning, Provisioning and Deploying Enterprise Clouds with Oracle Enterprise Manager 12c Kevin Patterson, Principal Sales Consultant, Enterprise

Oracle Middleware a felhőben

STRONGER AUTHENTICATION for CA SiteMinder

Enterprise Identity Management Reference Architecture

Trust but Verify: Best Practices for Monitoring Privileged Users

Cloud Storage in a PaaS World

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015

Oracle Public Cloud. Peter Schmidt Principal Sales Consultant Oracle Deutschland BV & CO KG

<Insert Picture Here> Oracle Identity And Access Management

<Insert Picture Here> Cloud Computing Inside Out

Session S : How to build a Private Cloud with Oracle Enterprise Manager: A Major Telco Story. Principal Product Manager

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

Cloud Security Introduction and Overview

Datamation. Find the Right Cloud Computing Solution. Executive Brief. In This Paper

Course 20533: Implementing Microsoft Azure Infrastructure Solutions

An Oracle White Paper June Oracle Database 11g: Cost-Effective Solutions for Security and Compliance

White paper. Four Best Practices for Secure Web Access

CON9488 The Enterprise Cloud Simplified with Oracle VM

Oracle Cloud Computing Strategy

Implementing Microsoft Azure Infrastructure Solutions

journey to a hybrid cloud

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Oracle Middleware as Cloud Foundation. Filip Huysmans Contribute Group

Introductions. KPMG Presenters: Jay Schulman - Managing Director, Advisory - KPMG National Leader Identity and Access Management

<Insert Picture Here> Oracle Database Vault

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud

Take Control of Identities & Data Loss. Vipul Kumra

Intelligent Security Design, Development and Acquisition

2013 AWS Worldwide Public Sector Summit Washington, D.C.

Addressing Cloud Computing Security Considerations

Copyright 2014, Oracle and/or its affiliates. All rights reserved.

Intel IT Cloud 2013 and Beyond. Name Title Month, Day 2013

Oracle E-Business Suite Single Sign On Using Oracle Access Manager

Data Protection: From PKI to Virtualization & Cloud

Agenda. Sedat Zencirci Technology Sales Consultancy Manager. Oracle Technology Stack. Business Requirements and Oracle offerings

An Oracle White Paper June Oracle Cloud Computing

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Transcription:

Peter Rajnak Business Devlopment Director for Security Solutions Oracle OFM APAC <Insert Picture Here> Mitigating Information Security Risks of Cloud Computin

Everyone Is Talking About Cloud

Cloud Is at the Peak of the Hype Curve Source: Gartner "Hype Cycle for Cloud Computing, 2009" Research Note G00168780

Public Clouds and Private Clouds Used by multiple tenants on a shared basis Hosted and managed by cloud service provider Limited variety of offerings Public Clouds: Lower upfront costs Economies of scale Public Clouds Simpler to manage OpEx SaaS PaaS IaaS I N T E R N E T Both offer: High efficiency High availability Private Cloud I N T R A N E T Elastic capacity Users SaaS PaaS IaaS Private Cloud: Lower total costs Greater control over security, compliance & quality of service Easier integration CapEx & OpEx Exclusively used by a single organization Controlled and managed by in-house IT Large number of applications

44% of Large Enterprises Are Interested In Building An Internal Cloud Source: Cloud Computing, Compute-As-A-Service: Interest And Adoption By Company Size, Forrester Research, Inc., February 27, 2009

Why Are Enterprises Interested in Cloud? What Are the Challenges Enterprises Face? Benefits Challenges/Issues Cost Speed Fit Security QoS Source: IDC exchange, "IT Cloud Services User Survey, pt. 2: Top Benefits & Challenges," (http://blogs.idc.com/ie/?p=210), October 2, 2008

The Reality of Cloud Computing 2009 Oracle Proprietary and Confidential 7

Key Barriers to Cloud Computing 74% 74% rate cloud security issues as very significant Source: IDC Security Compliance Control 2009 Oracle Proprietary and Confidential 8

Cloud Security Challenges Private Cloud IT agility B2B collaboration Access control complexity Privileged user access Hybrid Cloud Interoperability User experience Workload portability Public Cloud Data breaches Multi-tenancy Data location Compliance 2009 Oracle Proprietary and Confidential 9

SaaS, PaaS and IaaS Software as a Service Platform as a Service Applications delivered as a service to end-users over the Internet App development & deployment platform delivered as a service Infrastructure as a Service Server, storage and network hardware and associated software delivered as a service

Security with Oracle Cloud Platform Application 1 Application 2 Application 3 Integration: SOA Suite Platform as a Service Shared Services Process Mgmt: BPM Suite Application Grid: WebLogic Server, Coherence, Tuxedo, JRockit Database Grid: Oracle Database, RAC, ASM, Partitioning, IMDB Cache, Active Data Guard, Database Security Operating Systems: Oracle Enterprise Linux Virtualization: Oracle VM Servers Storage Security: Identity Mgmt Infrastructure as a Service User Interaction: WebCenter Cloud Management Oracle Enterprise Manager Configuration Mgmt: Assembly Builder, Capacity & Consolidation Planning Lifecycle Automation: Self-Service Provisioning, Policy-Based Resource Scheduling, Metering Application Performance Management: RUEI, SLA Management, Monitoring, Diagnostics Application Quality Management: Testing, Patch Management 2009 Oracle Proprietary and Confidential 11

Documents and Cloud Confidential documents and emails are moderately secure while stored (unused) within folders, inboxes and repositories But when used, thousands of copies are stored on desktops, laptops, wireless devices, USB drives, Cds/DVDs, CLOUD inside and outside your organization! How do you Secure all the copies, and audit access to them? Prevent copies being forwarded (or edited) inappropriately? Protect your confidential information within your customers, partners and suppliers? Revoke access to confidential information, when projects end or employees leave? 2009 Oracle Proprietary and Confidential 12

Managing Information Rights Oracle IRM Server Sealing (encrypting) documents and emails protects them everywhere they go Regardless of how many copies are made, and where those copies are stored and used Including copies of documents and emails that leave your network! Oracle IRM Server centrally manages access rights, and audits usage Even when users offline and IRM Server unreachable (via automatic synchronization) 2009 Oracle Proprietary and Confidential 13

Cloud Data Management Option 1 Option 2 Option 3 Shared (Virtualized) Hardware Shared Database RISK Shared Schema Privileged database and OS user/admin abuse Lost backups containing sensitive data or PII Network eavesdropping malware Application exploits Application by-pass Regulatory infractions 2009 Oracle Proprietary and Confidential 14

Database Security Defense-In-Depth Encryption & Masking Advanced Security Secure Backup Data Masking Access Control Database Vault Label Security Monitoring Encryption & Masking Access Control Monitoring User/Role Management Audit Vault Configuration Management Total Recall User/Role Management Oracle Identity Management 2009 Oracle Proprietary and Confidential 15

Oracle Advanced Security Comprehensive Standards-Based Encryption Disk Backups Exports Off-Site Facilitie s Transparent data at rest encryption Data stays encrypted when backed up Encryption for data in transit Strong authentication of users and servers 2009 Oracle Proprietary and Confidential 16

Oracle Database Vault Privileged User Access Control and Multi-Factor Authorization Application Procurement HR Finance DBA select * from finance.customers Keep privileged database users from abusing their powers Address Separation of Duties requirements Enforce security policies and block unauthorized database activities Prevent application by-pass to protect application data 2009 Oracle Proprietary and Confidential 17

Oracle Audit Vault Automated Activity Monitoring & Audit Reporting HR Data! Alerts CRM Data ERP Data Audit Data Built-in Reports Custom Reports Databases Policies Auditor Automated Oracle and non-oracle database activity monitoring Detect and alert on suspicious activities Out-of-the box compliance reports Custom forensic reports 2009 Oracle Proprietary and Confidential 18

Oracle Configuration Management Vulnerability Assessment & Secure Configuration Monitor Discover Classify Assess Prioritize Fix Monitor Asset Management Policy Management Vulnerability Management Configuration Management & Audit Analysis & Analytics Database discovery Continuous scanning against 375+ best practices and industry standards, extensible Detect and prevent unauthorized configuration changes Change management compliance reports 2009 Oracle Proprietary and Confidential 19

Identity Management Challenges in the Cloud Mind The Gap The cloud model requires an identity infrastructure that is Service-oriented Standards-based Loosely coupled Modular 2009 Oracle Proprietary and Confidential 20

Service-Oriented Security Identity Services for the Cloud Oracle Identity Management Identity Administration Role Management Directory Services Authentication Authorization Federation Web Services Web Services Web Services Oracle Apps 3 rd Party/Custom Apps Cloud Service Providers Discrete, easily consumable security services Rapid application security, improved IT agility Security seamlessly woven into applications 2009 Oracle Proprietary and Confidential 21

Definition - Identity as a Service Refers to implementing identity, access and compliance management functionality predominantly as services in a service oriented architecture within the cloud or enterprise Either cloud provider or cloud consumer, or both, offer identity services The core platform is known as the Identity Services Platform Various lines of business applications, policy management applications, devices, and other services then leverage these services either autonomously or in an choreographed manner

Effective Cloud Computing requires all participants to have inter-operable identity services Partner 1 Partner 2 Identity Services Platform ID WEB Federation SSO Service Service Business Service Provider Identity Services Platform ID ID Assurance Credentialing Service Service IAM Service Provider Identity Services Platform User Entitlement Service User Provisioning Service Consumer Every participant can be both the service provider and service consumer

Design Considerations Identity Services Platform Identity Hub Identity Assurance Identity Authorization Identity Administration Identity Audit

Identity Hub Oracle IDM Point of View Accounts for Identity Storage and Repository Administration, Synchronization and Virtualization Identity profile services with privacy controls (IGF) Secure Storage of Credentials Support for Cryptography through XML-Sig, XML-Enc etc Out of the box plugins that offer connectivity to multiple repositories for OVD for true Identity Publishing Common Virtualization layer at the J2EE Platform layer that can be adopted by any application

Identity Assurance Oracle IDM Point of View Accounts for Authentication, (including MFA), Fraud Prevention, Identity Proofing and Single Sign-On JAAS based Login modules offered through OAM Support for traditional authentication schemes including LDAP, Certificate etc. Support for newer authentication means including OTP etc in OAAM Support for SAML, Kerberos, SPNEGO as well internet identity (OpenID, InfoCard etc) tokens in OIF Interoperability across trusted domains through OIF Exposed webservices in OAAM for risk forensics, that can tie into existing authentication engines, as well as identity proofing services

Identity Authorization Oracle IDM Point of View Accounts for policy definition, enforcement and management Exposed XACML-based policy engine in OES JAAS based permissions and RBAC via OPSS Data security row, column and attribute level security by means of integration with Oracle VPD Shared Authorization service at the Platform layer, adopted by OAM, OIM etc Integrated Policy model which becomes the foundation for J2EE/.NET, Webservice based applications

Identity Administration Oracle IDM Point of View Accounts for user and role lifecycle management, provisioning, and credential management Expose all OIM Inbound & Outbound APIs as Web Services Expand/Extend Inbound & Outbound SPML Web Services to support distributed architectures Support various authentication and authorization policies for OIM SPML and other web services calls using Oracle Web Services Manager Support for multiple inbound gateways and outbound agents one per tenant for tenant specific security enforcement

Identity Audit Oracle IDM Point of View Accounts for identity auditing, compliance reporting and analytics Common audit framework delivered at the J2EE Platform Layer Centralized Identity Warehouse that supports ETLs from various repositories both Oracle and non-oracle ETLs driven through Oracle Data Integrator Offer support for pre-built reports for existing component areas, delivered through BI Publisher Deliver Attestation Service through exposed webservices on the Identity Warehouses data

The Identity Services Platform Systems and Operational Management

Summary: Identity Services Framework Fusion Apps, Other Fusion Products 3rd Party Apps Custom Apps Legacy Applications (Not Identity Service Ready) Business Functions Business Functions Business Functions Business Functions User Management Authentication Authorization Federation Service Interfaces WS-*, SPML, SAML, XACML, IGF Identity Services Legacy Interfaces Connectors, Agents Authentication Provisioning Identity Provider Audit Authorization Administration Role Provider Federation & Trust Enterprise Identity Management Infrastructure Policy & Orchestration Virtualization & User Store

Regulatory Considerations for Cloud Security ENFORCE CONTROLS MONITOR CONTROLS Enforce Controls Segregation of duties Access control Oracle Security Solutions Monitor Controls Who accessed what? Who changed what? Streamline Processes Attestation / Recertification AUTOMATE REPORTING STREAMLINE PROCESSES Automate Reporting Out-of-the-box compliance reports Customized reports 2009 Oracle Proprietary and Confidential 32

Case Study Oracle IT Evolution to Cloud

Oracle IT: Oracle Development Self-Service Private Cloud Job Mgmt Virtualization Developer Submit Notifications Self-Service Application Priority Resource Mgmt Match Making Enterprise Manager Grid Control Metadata / Label Servers Hosts Results

Oracle IT: Oracle Development Self-Service Private Cloud Implementation Overview: Scope/Scale - Over 2600 physical servers with over 6000 Virtual Servers used by over 3500 developers Activations Processing over 70 jobs per day, this translates into over 45,000 jobs processed supporting production and test requirements. Utilization Rates on these servers averages 80% 7 days a week and can reach 90% during peak times. Results/Benefits: Increase in development productivity Self-Service system for creation of development environments Cleaner code lines as environments are created quickly for more thorough testing/validation. Physical Server/Environmental Reduction by 75% Server/Apps Deployment reduced by 80%

Oracle IT: Oracle University Dynamic Provisioning with Grid Computing Education Services 2,300 environments automatically provisioned weekly 1/10 th the hardware CPU utilization increased from 7% to 73% Floor space reduced 50% Power consumption reduced 40% Servers: Administrator ratio increased 10X Revenue/Server increased 10X

Cloud Security with Oracle Security Solutions Real World Examples Offers managed identity services including managed fraud prevention and identity verification services Federated provisioning deployment spans hosted PeopleSoft hosted and on-premise apps Federated user provisioning to Microsoft Live Offers Oracle Identity Management Suite to partners as a hosted/managed service 2009 Oracle Proprietary and Confidential 37

For More Information search.oracle.com security solutions or oracle.com/security

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information