Secure Cloud Computing

Transcription:

Secure Cloud Computing

Agenda
- Current Security Threat Landscape
- Overview: Cloud Security
- Overall Objective of Cloud Security
- Cloud Security Challenges/Concerns
- Cloud Security Requirements
- Strategy for Securing Cloud Infrastructure & Services
- Approach & Methodology for Securing Cloud Infrastructure & Services
- Government laws regarding data security and controls
- Q&A

Advanced Targeted Attack Life Cycle
Diagram labels: Criminal Theft Espionage Sabotage After the Fact Expensive Public Uncertainty COMPROMISE CONTAINMENT ATTACK DISCOVERY High Value Data Key Systems Exploit Weakness Stealthy Replacement Process Preparation Sadder but Wiser

Security-Related TCO Is Skyrocketing
- Multiple products operate in separate functional silos
- Constantly rising costs of operational security
- No efficiency, no effectiveness
- Stale defenses lack adaptive, context-aware capabilities
- Increasingly complex to manage

Recent Notable Advanced Targeted Attacks
- Targeted attacks against Point-of-Sale (POS) systems
- Memory parsing/scraping malware
- Extracts full magnetic stripe data out of memory
- Not detected by traditional A/V
- Not detected for a significant amount of time
- Substantial damage
- million credit cards were exfiltrated in the TARGET compromise
- Containment took long (VISA)

Evolution of Cloud Computing

Evolution of the Datacenter
- Discrete Datacenter: Compute, Management, Storage, Network; Consolidation; Discrete Networks; Traditional Security - Policies tied to physical attributes
- Virtualized Datacenter: Servers, Unified Network, VMs, Mgmt, Storage Arrays; Flexible Management; 10G Unified Network; Virtualized Security - Context aware policies
- Cloud Datacenter: Cloud Infrastructure (Security, Network, Storage, Compute), Datacenter Facilities (e.g. cooling, power); Efficient and Secure; Open Architecture; Simplified Network; Federated Security - Security delivered as a set of services

Cloud Enabler - Virtualization
- Virtualization = New platform for greater flexibility
- Flexibility & Scalability
- Rapid deployment of Servers & Desktops based on a standard build
- Heterogeneous OS & Application environment running on one single HW
- Virtualization changes the definition of an endpoint
- Virtualized systems are no longer systems, they become data
- Virtual images built on the fly re-define the notion of an asset

The Business Need for a New Model
Reduce Costs, Improve Agility
Diagram labels: Workload + Differentiated storage + Differentiated networks + Differentiated isolation + Differentiated security + Other 3rd party services; 5 weeks; Some minutes; Few Days

Reduce Costs, Improve Agility for all Datacenter Security and Services
Diagram labels: Differentiated storage; Differentiated networks; Minutes; VDC; Differentiated isolation; Differentiated security; Few Days; Other 3rd party services
Datacenter Security: Consolidated, Workload-centric, Policy-driven, Extensible

Virtual Datacenter Cloud Infrastructure
Datacenter spans physical, virtual and cloud deployments
Diagram labels: SaaS; Applications; Manage; Dashboard; PaaS; Workloads; Data; Policies; Workflows; Compliance; Infrastructure; IaaS; Compute; Storage; Network
Essential Characteristics: Broad Access, Rapid Elasticity, On Demand Self Service, Resource Pooling

Overall Objective of Cloud Security: Transparency
- Secure cloud infrastructure - Physical & Virtual
- Delivering Secure Cloud Services
- Providers should implement current & future cloud Standards & Certifications
- Automation of auditing & security
Diagram labels: Transparency; Confidence

Cloud Security Challenges/Concerns
- Data and Identity Centric Controls in Cloud are hard
- Dynamic perimeter based on data access and service requirements vs. logical network separation
- How to provision (and de-provision) identity + authorization across a network of providers
- Data Leakage threats from Cloud Infrastructure
- Database Compromises from Cloud Infrastructure
- High Availability and Performance requirements
- Virtual infrastructure makes traditional security solutions difficult on both network and content security
- Lack of Visibility in Inter-VM traffic
- Advanced Persistent Threats (e.g. Stuxnet, Operation Aurora, Operation Shady RAT etc.)
- Security controls need to understand the legacy and next generation message exchange protocols
- Anti-malware protection across large volumes of data must be optimized
- Protect access to critical data resources from multiple threat vectors to include insiders

Cloud Security Requirements
- Dynamic Risk Assessment
  - Enterprise framework that supports Machine to Machine data collection for continuous monitoring
  - Comprehensive assessment for vulnerability, behavior, configuration and impact
  - Real-time discovery capability for assets, applications and data
- Threat-Based Defense
  - Defend the key attack vectors and priority targets based on intelligence
  - Automated assessments with countermeasure awareness
  - No impact to availability or performance of critical systems
- Handling APT Attacks
  - Monitoring across several domains
  - Integration of IT risk data or events with cyber physical data for impact decisions & higher level decision support systems
- Handling Big Security Data

Strategy for Secure Cloud Infrastructure & Services

Cloud Security Approach/Methodology
- Secure the Physical and Virtual Datacenter Architecture
  - Defend the whole of the datacenter from infrastructure to application and across all threat vectors
  - Enable comprehensive readiness assessment for web applications, databases and systems
  - Provide continuous monitoring, rapid data retrieval and analysis for incident response
  - Application access through API Calls
- Secure the Cloud Provider
  - Protect data and identity services in the provider datacenter
  - Secure Software-as-a-Service providers with Cloud Security Platform
- Enable Secure Use of Cloud Services
  - Understand messaging protocols to ease integration of legacy systems and provide data loss protection
  - Identity management provided by Cloud Based Identity Management solution

Securing Cloud Based Data Centers

Cloud Security Components for VDC
- Security Monitoring and Management: Datacenter Asset Inventory with Security Overlay; Risk Based Event/Log Correlation; Local Threat Intelligence
- Server Security: Memory Protection; Application Whitelisting; Change Control; Hardware Assisted Security
- Virtualized Platform: Hypervisor Security; Resource Optimization through Offloading; Agent-less Security through Integration with VMM
- Unified Management; GTI; SIEM
- Secure Data at Rest: Encryption & Database Security; Securing data at Storage
- Virtual Network Security: Advanced Evasion Prevention; Virtual Intrusion Prevention; Virtual Next Generation Firewalls
- Secure Data in Motion: Content & Context Visibility; Virtualized Network Protection

Unified Management
Diagram labels: Open APIs; Partner Ecosystem; Unified Management; Automated Compliance Auditing (Policy Auditor / Vulnerability Manager); Management (Unified Command Center); Alerts; Notifications; Reporting; SLAs
- Unified Management Across Physical, Virtual and Cloud: Access from anywhere via web-based UI
- Highly Extensible: Leverage partner ecosystem APIs to adapt to changing market and business requirements
- End-to-end Visibility and Control: Insight into policies and compliance posture across applications, endpoints, servers and networks; SIEM for situational and context awareness
- Regulations, Frameworks, Standards: SOX, ISO 27001, PCI DSS, HIPAA, COBIT, CIS, GLBA, NIST, NIST, FISMA, FDCC, DISA STIGS
McAfee Confidential Internal Use Only

Global Threat and Vulnerability Intelligence
Diagram labels: Threat Reputation; Network Security; Mobile Security; Web Security; Mail Security; Endpoint Security; Database Security; 3rd Party Feed

Cloud Based Unified Security Management Platform
- See log frequencies
- Search for logs
- Correlate events
- What data is involved?
- Who is doing it?
- Are they a bad actor?
- What is the risk of the system?
- What is the risk of the user?
Diagram labels: Big Security Data DB; Applications; Visualize, Investigate, Respond; Advanced Correlation Engine; GLOBAL THREAT LANDSCAPE; Threat intelligence feed; Immediate alerting; Historical Analysis; Dynamic Context; Content Aware; Traditional Context; Log Management; Scalable Architecture; ENTERPRISE RISK LANDSCAPE; Vulnerabilities; Countermeasures; Individuals; Risk Advisor; ePolicy Orchestrator; Database; OPTIMIZED; High Speed Intelligent Correlation

Delivering Secure Cloud Services

Delivering Cloud Computing Cloud Partners Cloud Vendors Applications Customers Data Loss Intrusion Email Authentication Web Data Loss Intrusion Enterprise Mobile Users Enterprise Users Private Cloud Applications

Secure Cloud Service Delivery Modules Partners Unified Management, Policy and Reporting, Integration Identity Management Email Security Cloud Ecosystem Cloud Vendors Applications Email Authentication Web Data Loss Prevention Global Threat Intelligence Cloud Security Platform Customers Services API Gateway Web Security SaaS or Appliance Mobile Users Enterprise Enterprise Users Private Cloud Applications

Cloud Access Challenges - Identity Management
Diagram labels: Multiple Logins / Weak Security; Lack of Visibility; Manual Provisioning; Single Sign On (SSO) & Strong Authentication; Centralized Management Console; Auto Account Provisioning & Profile Sync; ID Infrastructure Integration; Audit Silos; Scalable, Federated Trust; AuthN & Provisioning Connectors; AD & IAM; Centralized Audit Logging; Standards Based

Identity Management with Strong Authentication
Diagram labels: SSO; Provisioning; Strong Auth; Enterprise; Provision Access; Adaptive Strong Auth; Secure SSO; Regulatory Compliance
- Provision/de-provision user accounts
- AD integration
- Sync Id Profiles
- Selectively apply 2nd factor OTP AuthN
- Variety of software AuthN methods and devices - mobile devices, SMS, email
- Federate Windows/AD login to popular SaaS like Salesforce and Google Apps
- Rich audit trail of user login showing AuthN level
- De-provision and orphan account reports

Deployment to the cloud
1. Account Provisioning
2. Browser Federation/SSO
Diagram labels: Old Enterprise Perimeter; Dynamic Perimeter; Account Provision; IdM or Active Directory; Portal / Apps; Internal Session; Cloud Identity Manager; Service API Calls; Provisioning Policy; Cloud SSO; SSO Request; Custom Apps; User Browser
Bring secured, monitored cloud endpoints under enterprise IT control

Deployment to the cloud
3. Step up OTP Strong Auth
4. Central Monitoring, Audit, Privacy Settings
Diagram labels: Old Enterprise Perimeter; Dynamic Perimeter; IdM or Active Directory; Audit Repository; Portal / Apps; OTP Strong Auth; Cloud Identity Manager; Cloud SSO; Cloud SSO Mgt Console; Custom Apps; User Browser
Bring secured, monitored cloud endpoints under enterprise IT control

Diverse Apps are Exposed as Services & APIs to Consumers
Columns: Consumers; Services; Abstraction Pattern; App Types
- Citizen (API): Unemployment, Tax payment; WOA REST; egov
- Employee/Partner (API): Order status, Inventory; SOA; Supply Chain
- Developer (API): Applications, Components; App Store; Web 2.0
- Operations (API): Configure, Capacity, Monitoring; IaaS/PaaS; Cloud

APIs are everywhere
Diagram labels: Cloud Provider API; Leverage third-party services; API Shielding; API; Cloud Provider; Applications move off premise; Fast Changing Cloud APIs; Enterprise

A Service Gateway Broker Model Makes a lot of sense
Diagram labels: Cloud Provider API; Cloud Provider; Enterprise
APIs can be exposed, consumed, and proxied to a Service Gateway to offload security & communicate with back end infrastructure vs point to point integration

Data Loss Prevention
Diagram labels: PROTECT; EVALUATE; ANALYZE; SOURCE; At Rest; In Use; In Motion; DLP Discover: Find and Inspect; DLP Monitor: Capture; Policy Intelligence; Admin Action; Policy Application; DLP Prevent: Enforcement; User Action; Encrypt; Block; Monitor; Educate; Move

Email Protection In Cloud Delivery Platforms Mobile Devices (Appliance, Virtual Appliance, SaaS, Blade Server, and Hybrid) Simplified Cost Model Unified Policies & Quarantines Email Protection Business Continuity (Email and DLP) Layered Protection (Maximized scalability and security)

Web Protection In Cloud Delivery Platforms Mobile Workers & Devices (Appliance, Virtual Appliance, SaaS, Blade Server) Pricing Consistency Common Policy Web Protection Security Services Common Reporting (Web Filtering, Gateway Antimalware, GTI, DLP, SSL, App Control)

Modules Summary: Key Attributes of Secure Cloud Services
Diagram labels: Partners; Mobile Users; Cloud Vendors; Services Gateway; Email Security; Cloud Ecosystem; Applications; Customers; Email; Authentication; Data Loss Prevention; Web; Global Threat Intelligence; Cloud Security Platform; Enterprise; Enterprise Users; Identity Management; Web Security; Private Cloud Applications; SaaS or Appliance
- More Flexibility
  - Modular based
  - On-premise, SaaS or virtual
  - Protect headquarters, remote offices and mobile users
- Easier to Manage
  - Consolidated solution
  - Centralized reporting through Unified Management
  - Open platform to integrate existing solutions
- Greater Protection
  - Creates secure bridge covering primary Cloud traffic channels
  - Consistent protection & policies across web, identity & email
  - Real-time protection via Global Threat Intelligence

Government laws regarding data security and controls
Indian IT Act 2000 (Amendment 2008)
- Section 43A of the Information Technology (Reasonable security practices and procedures and sensitive personal data information) Rules 2011: The provision requires any corporate body which 'receives, possesses, stores, deals, or handles' any 'sensitive personal data' to implement and maintain 'reasonable security practices', failing which it is held liable to compensate those affected.
- Section 72A of the (Indian) Information Technology Act, 2000: disclosure of information, knowingly and intentionally, without the consent of the person concerned and in breach of the lawful contract.
- Section 72 of the IT Act provides for penalty for breach of confidentiality and privacy.
Some of the links are as follows:
http://deity.gov.in/content/cyber-laws
http://deity.gov.in/sites/upload_files/dit/files/clarification%2079rules(1).pdf
http://deity.gov.in/sites/upload_files/dit/files/gsr3_10511(1).pdf
Other Security Frameworks: ISO 27001, NERC etc.

Securing Cloud Infrastructure & Services - Summary
Cloud Security Survivability = Speed of Detection + Speed of Response

Q&A