Data Storage Security, Cloud Computing and Virtualization




Data Storage Security, Cloud Computing and Virtualization: What You Think You Know Can Hurt You

The 8 Fallacies of Distributed Computing

1. The network is reliable
2. Latency is zero
3. Bandwidth is infinite
4. The network is secure
5. Topology doesn't change
6. There is one administrator
7. Transport cost is zero
8. The network is homogeneous

The 8 White Lies? of Distributed Computing (circa 2010)

1. The network is reliable enough
2. Latency is almost zero
3. Bandwidth is infinite mostly enough
4. The network is secure enough
5. Topology doesn't change too much
6. There is one administrator and so are you!
7. Transport cost is almost zero
8. The network is homogeneous enough. IP everywhere!

The SNIA Storage Model, v2

The SNIA Storage Model, v2 and security

- Authentication
- Authorization
- Integrity
- Encryption
- Auditing
- Availability

Storage Security: We Know How to

- Encrypt data at rest (array and endpoint)
- Segregate data at Layer 2 (VSAN, VLANs, Zoning, etc.)
- Restrict data access via ACLs (LUN masking, SID lockdown, etc.)
- Authenticate peers and encrypt data transmission (FC-SP, iSCSI, IPsec)
- Authorize access to shared file systems (NFS, CIFS)
- Secure (remote) backups and archives (BURA)
- Secure BC/DR via encryption & replication

(Diagram labels: Network Information Security Storage)

What about (Secured) Storage and Virtualization (V12n)?

- Ultimately, V12n storage gravitates towards SANs
  - User data (SAN) vs. v12n data
    - VMFS
    - VM images
    - ISOs
- The death of local
  - In v12n, everything is distributed
  - File systems, memory, network devices (vswitch, vnic)
- Solution?
  - Segregate traffic along multiple dimensions (user, management, virtualized storage & VMM management)
  - Key management is ever more critical (maybe harder?)

What's the Difference Between the Cloud and

- Co-location?
- Web hosting?
- Remote D/R sites (using replication?)
- BURA?

Did we worry about storage security? Why (not)?

Storage, V12n and Cloud: Which Hat is IT Wearing?

- Question: is IT
  - the provider (IT provides the service?)
  - the procurer (IT manages the relationship with 3rd party CSP)?
  - the consultant? (business units go it alone)
- V12n is an enabling technology for Cloud computing (versus distributed computing)
- If cost is the cloud driver, where does security fit?

(Diagram labels: Cost, Security?, Usability)

Things We Maybe Don't Know How to Do So Well (still)

1. Classify our data
   - What's sensitive, critical, toxic, secret?
   - Should IT per se be expected to know about it?
2. Keep track of our data
   1. There is no defined perimeter. What's yours?
   2. Tiering within storage. It's 11pm. Do you know where your data is? (are?)
3. Provide location transparency
   1. Is Starbucks part of your corporate LAN?
   2. Foreign borders still matter
   3. Service levels matter

Things We Know We Can't Do (now?)

1. Provide both consistency (data integrity) and availability in the Cloud (Brewer's Conjecture)
2. Guarantee 100% availability of resources nor access times to those resources (see #1)
3. Guarantee data provenance
4. Achieve certain kinds of compliance (e.g. PCI level 1)
5. [Your thoughts here]

But We've Got To Start Somewhere

- We know enough at the network layer
  - We can secure communication links, authenticate devices, etc.
- We know enough at the storage layer, but
  - We can encrypt disks, SAN links, file systems, WAN links, etc.
  - Tiering mechanisms add randomness to storage location (sub-LUN FAST)
  - VMotion adds randomness to services
- We know enough at the system layer to be dangerous
  - Securing PHI, PII, corporate secrets, etc. with fluid perimeter
- Where do all the security pieces go?
  - If it's in the Cloud, we give up availability or consistency
  - Giving up possession without losing confidentiality
  - If we can't explain it to the auditors, it won't fly

A Plea for a Holistic Approach

(Diagram: Technical Roles and Business Roles, each on a scale from Low to High)

The distinctions between security, privacy and compliance are becoming so blurred as to ultimately be meaningless. Like it or not, it all must be dealt with holistically, at the same time, and with expertise from multiple fronts.

How can EMC Help?

- EMC Consulting Services: Virtual Data Center
- EMC Consulting Services: Private Cloud Strategy
- EMC Information Security Services
- Training: EMC Data Storage Security Workshop

Threat Landscape

CSA - Top Threats to Cloud Computing V1.0

1. Abuse and Nefarious Use of Cloud Computing
2. Insecure Application Programming Interfaces
3. Malicious Insiders
4. Shared Technology Vulnerabilities
5. Data Loss/Leakage
6. Account, Service & Traffic Hijacking
7. Unknown Risk Profile

ENISA. Cloud Computing Top Security Risks.

- Loss of governance
- Lock-in
- Isolation failure (VMM)
- Compliance Risks
- Management Interface Compromise
- Data Protection
- Unsecure or incomplete data deletion
- Malicious Insider