IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation





IBM Point of View: Cloud can be made secure for business

As with most new technology paradigms, security concerns surrounding cloud computing have become the most widely talked about inhibitor of widespread usage.

To gain the trust of organizations, cloud services must deliver security and privacy expectations that meet or exceed what is available in traditional IT environments. The same way transformational technologies of the past overcame concerns: PCs, outsourcing, the Internet.

[Figure labels: Traditional IT; Security and Privacy Expectations; In the Cloud; Trust]

Cloud computing tests the limits of security operations and infrastructure

Security and Privacy Domains / To cloud:
- People and Identity: Multiple Logins, Onboarding Issues
- Data and Information: Multi-tenancy, Shared Resources
- Application and Process: External Facing, Quick Provisioning
- Network, Server and Endpoint: Virtualization, Reduced Access
- Physical Infrastructure: Provider Controlled, Lack of Visibility
- Governance, Risk and Compliance: Audit Silos, Logging Difficulties

In a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning resources and applications increases, greatly affecting all aspects of IT security.

Different cloud deployment models also change the way we think about security

- Private cloud: On or off premises cloud infrastructure operated solely for an organization and managed by the organization or a third party.
- Hybrid IT: Traditional IT and clouds (public and/or private) that remain separate but are bound together by technology that enables data and application portability.
- Public cloud: Available to the general public or a large industry group and owned by an organization selling cloud services.

Changes in Security and Privacy:
- Customer responsibility for infrastructure
- More customization of security controls
- Good visibility into day-to-day operations
- Easy access to logs and policies

- Provider responsibility for infrastructure
- Less customization of security controls
- No visibility into day-to-day operations
- Difficult access to logs and policies

To address these concerns, IBM is working with clients as both a cloud service provider and trusted advisor

Secure IBM Clouds
IBM Security Solutions

Leveraging IBM's deep security skillset, hosting and strategic outsourcing experience, broad security portfolio, history of security innovation, and commitment to client trust as the foundation for building security into all cloud offerings.

Capabilities
Knowledge

Leading portfolio of products and services to help secure cloud environments. Allows customers to address concerns when adopting private, public and hybrid cloud services by adopting security controls to match requirements of the workload.

IBM Cloud Reference Model (Foundational Security Controls)
IBM Security Framework (Cloud Security On Ramps)

IBM SmartCloud provides a robust platform for the full IBM cloud portfolio, built on the IBM cloud reference model

IBM Cloud Reference Model:
- Business Process as a Service
- Software as a Service
- Platform as a Service
- Infrastructure as a Service
- Management, support and deployment
- Security and isolation
- Availability and performance
- Technology platform
- Payment and billing

And is built against the following foundational security controls within the IBM cloud reference model

- Cloud Governance: Cloud specific security governance including directory synchronization and geo locational support
- Security Governance, Risk Management & Compliance: Security governance including maintaining security policy and audit and compliance measures
- Problem & Information Security Incident Management: Management and responding to expected and unexpected events
- Identity and Access Management: Strong focus on authentication of users and management of identity
- Discover, Categorize, Protect Data & Information Assets: Strong focus on protection of data at rest or in transit
- Information Systems Acquisition, Development, and Maintenance: Management of application and virtual machine deployment
- Secure Infrastructure Against Threats and Vulnerabilities: Management of vulnerabilities and their associated mitigations with strong focus on network and endpoint protection
- Physical and Personnel Security: Protection for physical assets and locations including networks and data centers, as well as employee security

Our approach to delivering security aligns with each phase of a client's cloud project or initiative

- Design: Establish a cloud strategy and implementation plan to get there.
- Deploy: Build cloud services, in the enterprise and/or as a cloud services provider.
- Consume: Manage and optimize consumption of cloud services.

IBM Cloud Security Approach:
- Secure by Design: Focus on building security into the fabric of the cloud.
- Workload Driven: Secure cloud resources with innovative features and products.
- Service Enabled: Govern the cloud through ongoing security operations and workflow.

Example security capabilities:
- Cloud security roadmap
- Network threat protection
- Server security
- Database security
- Application security
- Virtualization security
- Endpoint protection
- Configuration and patch management
- Identity and access management
- Secure cloud communications
- Managed security services

Each pattern has its own set of key security concerns

Cloud Enabled Data Center
Infrastructure as a Service (IaaS): Cut IT expense and complexity through cloud data centers
Integrated service management, automation, provisioning, self service
Key security focus: Infrastructure
- Manage datacenter identities
- Secure virtual machines
- Patch default images
- Monitor logs on all resources
- Defend network threats

Cloud Platform Services
Platform-as-a-Service (PaaS): Accelerate time to market with cloud platform services
Pre-built, pre-integrated IT infrastructures tuned to application-specific needs
Key security focus: Data and Information
- Secure shared databases
- Encrypt private information
- Build secure applications
- Keep an audit trail
- Integrate existing security

Cloud Service Provider
Innovate business models by becoming a cloud service provider
Advanced platform for creating, managing, and monetizing cloud services
Key security focus: Governance and Compliance
- Isolate cloud tenants
- Secure portals and APIs
- Manage security operations
- Build compliant data centers
- Offer backup and resiliency

Business Solutions on Cloud
Software as a Service (SaaS): Gain immediate access with business solutions on cloud
Capabilities provided to consumers for using a provider's applications
Key security focus: Applications and Identity
- Harden exposed web apps
- Securely federate identity
- Deploy access controls
- Encrypt communications
- Manage application policies

IBM has a broad portfolio of products and services to help satisfy our customer's most pressing security requirements

IBM Cloud Security: One Size Does Not Fit All

Different security controls are appropriate for different cloud needs. The challenge becomes one of integration, coexistence, and recognizing what solution is best for a given workload.

Cloud Enabled Data Center - simple use case

1. User identity is verified and authenticated
2. Resource chosen from correct security domain
3. VM is configured with appropriate security policy
4. Image provisioned behind FW / IPS
5. Host security installed and updated
6. Software patches applied and up-to-date

[Diagram labels: Self-Service GUI; Service Automation Manager; Configured Machine Image; Virtual Machine; Cloud Enabled Data Center; Hypervisor; Available Resource; Image Library; SW Catalog; Machine Image; Config Binaries; Resource Pool]

Cloud Service Provider - simple use case

1. Encrypted and authenticated access control
2. Encrypted and authenticated access control
3. Perimeter network security controls
4. Isolation of compute, storage and network
5. Security rich infrastructure and operations
6. Continuous security monitoring, vulnerability testing, compliance assessment and backup services

[Diagram labels: Cloud Service Provider; Self-Service GUI; Cloud Resources]

In this new normal, organizations need an intelligent view into their security posture

IBM has the largest, most complete IT security portfolio across the domains in the IBM Security Framework

Domains: People; Data; Applications; Infrastructure
Security Intelligence; Governance, risk and compliance; Advanced correlation and deep analytics

Optimized
- People: Role based analytics, Identity governance, Privileged user controls
- Data: Data flow analytics, Data governance
- Applications: Secure app engineering processes, Fraud detection
- Infrastructure: Advanced network monitoring, Forensics / data mining, Secure systems

Proficient
- People: User provisioning, Access mgmt, Strong authentication
- Data: Access monitoring, Data loss prevention
- Applications: Application firewall, Source code scanning
- Infrastructure: Virtualization security, Asset mgmt, Endpoint / network security management

Basic
- People: Centralized directory
- Data: Encryption, Access control
- Applications: Application scanning
- Infrastructure: Perimeter security, Anti-virus