Establishing Trust in the Cloud: Trusted Multi-Tenant Infrastructure

Similar documents
SECURITY RISK MANAGEMENT

Business Case for Data Center Network Consolidation

Secure Data Transmission Solutions for the Management and Control of Big Data

Accelerate Your Enterprise Private Cloud Initiative

Broadcloud improves competitive advantage with efficient, flexible and scalable disaster recovery services

ITIL Asset and Configuration Management in the Cloud. January 2016

Can You be HIPAA/HITECH Compliant in the Cloud?

Securing the Microsoft Cloud

Firewall Administration and Management

Hans Bos Microsoft Nederland.

Microsoft s Compliance Framework for Online Services

H Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments

Hybrid IT through Cloud Brokerage Your Path to Better Business Outcomes

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014

Strategies for assessing cloud security

Logging and Alerting for the Cloud

Secure Multi Tenancy In the Cloud. Boris Strongin VP Engineering and Co-founder, Hytrust Inc.

Business Associate Management Methodology

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

Data Center is the Foundation of Carrier ICT Transformation. The challenges of building a service driven data center

The Impact of HIPAA and HITECH

Key Considerations of Regulatory Compliance in the Public Cloud

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES

CloudCheck Compliance Certification Program

Cisco Unified Data Center: The Foundation for Private Cloud Infrastructure

Tufin Orchestration Suite

Securing business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security

The Need for Service Catalog Design in Cloud Services Development

NEC Managed Security Services

Bridging the HIPAA/HITECH Compliance Gap

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet

Bank of Israel. 1. Background. In recent years, cloud. environmentally. from. aspects in. these. 2. Applicability. Directive ). 3.

Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014

HIPAA in the Cloud. How to Effectively Collaborate with Cloud Providers

HIPAA and HITECH Compliance for Cloud Applications

Mobile Security & BYOD Policy

Ed McMurray, CISA, CISSP, CTGA CoNetrix

EMC HYBRID CLOUD SOLUTION FOR HEALTHCARE

Cloud models and compliance requirements which is right for you?

CIO SUMMIT l LAS VEGAS

Cloud Services Catalog with Epsilon

Cloud security architecture

Managing risks in a Salesforce environment

Information Security Management System for Microsoft s Cloud Infrastructure

S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma

Business Case for a DDoS Consolidated Solution

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

Copyright 2013 wolfssl Inc. All rights reserved. 2

Big Data, Big Risk, Big Rewards. Hussein Syed

Securing the Cloud Infrastructure

How Safe are you in your Cloud?

Cloud Security Trust Cisco to Protect Your Data

Evolving Technology Issues: Cloud Computing

Compliance for the Road Ahead

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Cloud Management Platform

Economic Benefits of Cisco CloudVerse

WHITEPAPER PROACTIVE SECURITY INTELLIGENCE RETURN ON INVESTMENT

Webtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security

Deploying the Enterprise Cloud

Hybrid Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

White. Paper. When Cloud Makes Sense. November 2013

Our Commitment to Information Security

GRC Stack Research Sponsorship

Analytics for Oil & Gas

October Application Control: The PowerBroker for Windows Difference

Payment Card Industry Data Security Standard

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

ion Manufacturing Solution

Economic Benefits of Cisco CloudVerse

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.

Business Values of Network and Security Virtualization

HP CLOUD STRATEGY AND SOLUTIONS THE PATH TO HYBRID DELIVERY. Copyright 2011 Hewlett-Packard Development Company, L.P.

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

Transcription:

Establishing Trust in the Cloud: Trusted Multi-Tenant Infrastructure

Market Observations Multi-Tenant security is an end-to-end configuration requirement, while most of the products and standards address specific devices or functionality within the overall end-to-end scope Many standards and products contribute to the ability to solve parts of the problem No comprehensive framework exists to describe the business/mission needs and validate compliance of the entire solution set against open standards There is a need for solutions that address trust and security across solutions derived from combining dedicated and shared infrastructures 10/14/2014 Copyright 2014 Trusted Computing Group 2

Market Changes Cost reduction and IT agility Consolidation of IT resources and staffing Movement from CAPEX to OPEX funding of IT To support shared infrastructure for critical systems: Financial (PCI), Healthcare (HIPAA), Energy (NERC/CIP) Global Government and Industrial Base Defense including joint service or coalition operations Shared services within public, private, community and hybrid cloud solutions Applications supporting the mobile ecosystem 10/14/2014 Copyright 2014 Trusted Computing Group 3

Security Built In & Coordinated Trusted Multi-Tenant Infrastructure (TMI) Objectives Standards framework for implementing: Shared Infrastructures Multi-Provider Infrastructures Reference Models and Implementation Guidance Identify and address gaps in existing standards 10/14/2014 Copyright 2014 Trusted Computing Group 3

Establish a Trusted Context in which information can be exchanged between parties Establish a level of trust (including the degree and types of information to be accepted) between parties Exchange Information between parties within the trusted context Exchange information between parties within the bounds of the trust relationship Enforce Policy using the integrity measurements, assertions and attestations exchanged between parties Identify executable policy statements and stores, information sources and sinks, decision authorities, execution points, obligations on parties and policy hierarchies 10/14/2014 Copyright 2014 Trusted Computing Group 4

10/14/2014 Copyright 2014 Trusted Computing Group 6

Potential Impact Low Medium High Likelihood Likelihood Likelihood Low Med High Low Med High Low Med High Inconvience-1 T1 Financial Loss -2 Reputation/ Image -3 T1 T1 Unauthorized Release -4 T1 Personal Safety -5 Civil Criminal - 6 T1 = Low Trust = Medium Trust = High Trust = Very High Trust 10/14/2014 Copyright 2014 Trusted Computing Group 7

10/14/2014 Copyright 2014 Trusted Computing Group 8

Identify the assets and providers involved and establish identity, configuration, policy, enforcement authority and reputation compliance, store in the trusted entity store For each segment of the transaction, identify the level of risk inherent based on the transaction characteristics Identify mitigation patterns addressing the risks, factoring: The level of assurance that claims and attestations are valid The level of policy enforcement that can be applied The ability to control rights granted to the transaction principals Assess the overall transaction risk, aligning transaction profile to policy profiles for execution Audit transaction execution 10/14/2014 Copyright 2014 Trusted Computing Group 9

In an IT commons based on multi-tenant, shared infrastructure, the challenge is to: Establish trust in the provider of IT services Establish and monitor compliance to changing IT policy Assess and monitor compliance to cost, policy and performance objectives Do this in a multi-sourced, multi-supplier ecosystem To establish and maintain trustworthy ecosystems: Enable businesses to assess the trustworthiness of supplier systems Enable real-time assessment of compliance as part of the provisioning process Define and implement best practices and standard patterns for building and operating trustworthy infrastructures Define mapping of standards against a reference model to improve integration of trustworthy components Support real time assessment and enforcement of policy to ensure shared infrastructure remains in compliance The use of open trusted platform standards provides businesses a way to assess the suitability, compliance and performance of shared systems 10/14/2014 Copyright 2014 Trusted Computing Group 10

Questions? 10/14/2014 Copyright 2014 Trusted Computing Group 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information