Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation

Similar documents
IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

Healthcare: La sicurezza nel Cloud October 18, IBM Corporation

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

Cloud Security Who do you trust?

Cloud Courses Description

Cloud computing is a new consumption and delivery model. Yesterday Today

EAaaS Cloud Security Best Practices

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Security Issues in Cloud Computing

Cloud Security Who do you trust?

Ragy Magdy Regional Channel Manager MEA IBM Security Systems

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Cloud Courses Description

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

How to survive in a world of Virtualization and Cloud Computing, where you even can t trust your own environment anymore. Raimund Genes, CTO

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

Dynamic Security for the Hybrid Cloud

Cloud Security Specialist Certification Self-Study Kit Bundle

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5

Cloud Security Introduction and Overview

Session Four. Heads in the icloud. Moderated By. Sonny Segal. Chief Information Officer Montgomery County Maryland

Addressing Security for Hybrid Cloud

Why the Cloud must be Open

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

VMware vcloud Powered Services

Cloud Computing and Standards

H Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

How To Protect Your Cloud Computing Resources From Attack

IBM Security in the Cloud

Cloud computing White paper November IBM Point of View: Security and Cloud Computing

SOLUTIONS. Secure Infrastructure as a Service for Production Workloads

Security & Cloud Services IAN KAYNE

Cloud Computing Governance & Security. Security Risks in the Cloud

John Essner, CISO Office of Information Technology State of New Jersey

VICNET is G-Cloud7 GOV UK Supplier VISIT DIGITAL MARKET PLACE VICNETCLOUD VICNET CLOUD MIGRATION SERVICES

Cyber Security Symposium 2015 September 29,2015

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM

Data Protection: From PKI to Virtualization & Cloud

Addressing Cloud Computing Security Considerations

SECURITY MODELS FOR CLOUD Kurtis E. Minder, CISSP

Cloud Computing - Starting Points for Privacy and Transparency

IBM EXAM QUESTIONS & ANSWERS

Cloud and Regulations: A match made in heaven, or the worst blind date ever?

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

Secure Cloud Computing

Microsoft Azure for IT Professionals 55065A; 3 days

Cloud Security and Managing Use Risks

What Cloud computing means in real life

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

Architecting the Cloud

CERTIFICATE PROGRAMME ON CLOUD SPECIALISTS DEVELOPMENT

Microsoft SharePoint Architectural Models

How To Protect Your Cloud From Attack

Cloud Security - Risiken und Chancen

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

Data, Data, Who Has The Data?

The ODCA, Helix Nebula and Federated Identity Management. Mick Symonds Principal Solutions Architect Atos Managed Services NL

Security and Cloud Computing

Governance and Control in the Cloud. Infrastructure as a Service

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Third Party Cloud Services Its Adoption in the New Age

Security Officer s Checklist in a Sourcing Deal

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Safeguarding the cloud with IBM Security solutions

Tableau Online Security in the Cloud

The Benefits of an Integrated Approach to Security in the Cloud

Course 20533: Implementing Microsoft Azure Infrastructure Solutions

Seeing Though the Clouds

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen

Enterprise Cloud Adoption- Deployment Models, Workloads and Industry Perspective

Cloud Security. DLT Solutions LLC June #DLTCloud

Cisco Cloud Architecture for the Microsoft Cloud Platform

Virtualization in a Multipurpose Commercial Data Center

Extending IBM WebSphere MQ and WebSphere Message Broker to the Clouds 5th February 2013 Session 12628

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

VMware vcloud Air Security TECHNICAL WHITE PAPER

Glinda Cummings World Wide Tivoli Security Product Manager

Buyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: Fax: info@thebunker.net

Microsoft Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led

How To Get A Cloud Security System To Work For You

SERENA SOFTWARE Serena Service Manager Security

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.

Course 20533B: Implementing Microsoft Azure Infrastructure Solutions

JISC. Technical Review of Using Cloud for Research. Guidance Notes to Cloud Infrastructure Service Providers. Introduction

Ensuring security the last barrier to Cloud adoption

SAP Enterprise Architecture in the Era of SAP HANA, Infrastructure, Platforms, Software and Everything-as-a-Service

PROTECTED CLOUDS: Symantec solutions for consuming, building, or extending into the cloud

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS

Securing the Service Desk in the Cloud

Cloud Virtualization Specialist Certification Self-Study Kit Bundle

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Transcription:

Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation

Cloud computing impacts the implementation of security in fundamentally new ways Security and Privacy Domains People and Identity Data and Information Application and Process Network, Server and Endpoint Physical Infrastructure Governance, Risk and Compliance To cloud Multiple Logins, Numerous Roles Multi-tenancy, Shared Resources External Facing, Quick Provisioning Virtualization, Reduced Access Provider Controlled, Lack of Visibility Audit Silos, Logging Difficulties In a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning resources and applications increases - greatly affecting all aspects of IT security. 2

Adoption patterns are emerging for successfully beginning and progressing cloud initiatives IaaS: Cut IT expense and complexity through a cloud enabled data center PaaS: Accelerate time to market with cloud platform services CSP: Innovate business models by becoming a cloud service provider SaaS: Gain immediate access with business solutions on cloud 3

Teams are starting projects to achieve the benefits of these patterns, which is leading to various security considerations IaaS: Cut IT expense and complexity through a cloud enabled data center PaaS: Accelerate time to market with cloud platform services Innovate business models by becoming a cloud service provider SaaS: Gain immediate access with business solutions on cloud Cloud Enabled Data Center Cloud Platform Services Cloud Service Provider Business Solutions on Cloud Integrated service management, automation, provisioning, self service Pre-built, pre-integrated IT infrastructures tuned to application-specific needs Advanced platform for creating, managing, and monetizing cloud services Capabilities provided to consumers for using a provider s applications Logical and physical isolation Secure virtual machines Patch of default images Encrypt stored data Assess self service portals Monitor logs on all resources Defend network perimeters Harden exposed applications Use cloud APIs properly Protect private information Secure shared databases Manage platform identities Integrate existing security controls with the cloud Isolate multiple cloud tenants Secure portals and APIs Manage security operations Build compliant data centers Offer backup and resiliency Integrate systems management and security Federate identity between the cloud and on-premise IT Proper user authentication Audit and compliance testing Encrypt data, both in motion and at rest Integrate existing security 4

Protecting and risk management in the cloud - building on traditional approaches, applied to new models IBM Cloud Security One Size Does Not Fit All Different security controls are appropriate for different cloud needs - the challenge becomes one of integration, coexistence, and recognizing what solution is best for a given workload. 5

What are the issues we will face going forward Standardisation Interoperability Big Data Governance Security and Privacy Domains People and Identity Data and Information Application and Process Network, Server and Endpoint Physical Infrastructure Governance, Risk and Compliance To cloud Multiple Logins, Numerous Roles Multi-tenancy, Shared Resources External Facing, Quick Provisioning Virtualization, Reduced Access Provider Controlled, Lack of Visibility Audit Silos, Logging Difficulties Driven by multiple people accessing multiple devices via multiple clouds 6

In the first six months of 2013, IBM X-Force: 7

In summary - Top questions to consider when evaluating a cloud provider The following are suggested common best practice questions to consider when evaluating a cloud provider: Is the cloud governance based on industry standards such as ISO 27000 (or FFIEC)? What is the risk and compliance management program? What are the physical and logical access controls, and the health checking processes? What is the problem and incident management process? How is protecting the company high value / sensitive data implemented? Encryption? How is threat and vulnerability identification implemented? Is the hypervisor certified? What is your personnel security policy? Public cloud Hybrid IT Private cloud 8

9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information