Security and Cloud Computing

Similar documents
Cloud Security: The Grand Challenge

CLOUD SECURITY: THE GRAND CHALLENGE

IBM Security in the Cloud

Cloud Security Who do you trust?

Cloud computing White paper November IBM Point of View: Security and Cloud Computing

Cloud Security Who do you trust?

Security Officer s Checklist in a Sourcing Deal

Implicaciones para. CISA, CISM, CGEIT, CRISC, CISSP, OSCP, Cobit FC, ITIL v3 FC

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Cloud Security Prof. Dr. Michael Waidner Fraunhofer SIT CASED. Fraunhofer SIT. Fraunhofer-Gesellschaft 2011

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

Cloud Security. Peter Jopling IBM UK Ltd Software Group Hursley Labs. peterjopling IBM Corporation

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

IBM EXAM QUESTIONS & ANSWERS

Cloud Computing Governance & Security. Security Risks in the Cloud

Securing the Cloud through Comprehensive Identity Management Solution

Anypoint Platform Cloud Security and Compliance. Whitepaper

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

6 Cloud computing overview

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Safeguarding the cloud with IBM Dynamic Cloud Security

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

Cloud Security Trust Cisco to Protect Your Data

Securing the Service Desk in the Cloud

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015

The New Economics of Cloud Computing

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Using WebSphere Application Server on Amazon EC2. Speaker(s): Ed McCabe, Arthur Meloy

Cloud Computing and Standards

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

journey to a hybrid cloud

Cloud Assurance: Ensuring Security and Compliance for your IT Environment

H Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments

Addressing Security for Hybrid Cloud

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

Intel Enhanced Data Security Assessment Form

Architecting the Cloud

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet

Cloud Security and Managing Use Risks

Hybrid Cloud Computing

The Benefits of an Integrated Approach to Security in the Cloud

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

Cloud Security Introduction and Overview

Cloud Security. DLT Solutions LLC June #DLTCloud

Cloud Computing Security Issues

Security Issues in Cloud Computing

VMware vcloud Powered Services

John Essner, CISO Office of Information Technology State of New Jersey

Overview. The Cloud. Characteristics and usage of the cloud Realities and risks of the cloud

THE BLUENOSE SECURITY FRAMEWORK

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102

Provide access control with innovative solutions from IBM.

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

Service management White paper. Manage access control effectively across the enterprise with IBM solutions.

Cloud Computing: Legal Risks and Best Practices

The Production Cloud

A Mainframe Guy and Cloud Computing

SECURE CLOUD COMPUTING

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

How to Keep a Cloud Environment Current, Secure and Available October 16, 2014

Observations from the Trenches

Securing The Cloud With Confidence. Opinion Piece

SaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology

Four Top Emagined Security Services

Strategies for assessing cloud security

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

Security in the Software Defined Data Center

Security & Trust in the Cloud

Cloud Computing Security Audit

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

CLOUD COMPUTING OVERVIEW

Security Controls What Works. Southside Virginia Community College: Security Awareness

HP Private Cloud Solutions

HEC Security & Compliance

How To Protect Your Cloud Computing Resources From Attack

Transcription:

Security and Cloud Computing Martin Borrett, Lead Security Architect NE Europe, WW Service Management Tiger Team IBM Software Optimising the World s Infrastructure 27th May - London

Agenda Brief Introduction to Cloud Computing Security: Grand Challenge for the Adoption of Cloud Computing Cloud Security = SOA Security + Secure Virtualized Runtime IBM Cloud Security Offerings 2

Brief Introduction to Cloud Computing Security and Cloud 3

What is Cloud Computing? Cloud is a new consumption and delivery model for many IT-based services, in which the user sees only the service, and has no need to know anything about the technology or implementation Attributes Standardized, consumable web-delivered services Service Catalog Ordering Flexible pricing Metering & Billing Elastic scaling Rapid provisioning Advanced virtualization VISIBILITY CONTROL AUTOMATION...service oriented and service managed 9/15/2009 4

Cloud Computing Delivery Models Flexible Delivery Models Public Service provider owned and managed Access by subscription Delivers select set of standardized business process, application and/or infrastructure services on a flexible price per use basis.. Standardization, capital preservation, flexibility and time to deploy Cloud Services Cloud Computing Model Hybrid Access to client, partner network, and third party resources Private Privately owned and managed. Access limited to client and its partner network. Drives efficiency, standardization and best practices while retaining greater customization and control. Customization, efficiency, availability, resiliency, security and privacy ORGANIZATION CULTURE GOVERNANCE...service sourcing and service value 9/15/2009 5

6

Security Grand Challenge for the Adoption of Cloud Computing 7

Simple Example Today s Data Center Tomorrow s Public Cloud??? We Have Control It s located at X. It s stored in server s Y, Z. We have backups in place. Our admins control access. Our uptime is sufficient. The auditors are happy. Our security team is engaged.??? Who Has Control? Where is it located? Where is it stored? Who backs it up? Who has access? How resilient is it? How do auditors observe? How does our security team engage? 8

Security Remains the Top Concern for Cloud Adoption 80% Of enterprises consider security the #1 inhibitor to cloud adoptions How can we be assured that our data will not be leaked and that the vendors have the technology and the governance to control its employees from stealing data? 48% Of enterprises are concerned about the reliability of clouds Security is the biggest concern. I don t worry much about the other -ities reliability, availability, etc. 33% Of respondents are concerned with cloud interfering with their ability to comply with regulations I prefer internal cloud to IaaS. When the service is kept internally, I am more comfortable with the security that it offers. Source: Driving Profitable Growth Through Cloud Computing, IBM Study (conducted by Oliver Wyman) 9

Specific Customer Concerns Related to Security Protection of intellectual property and data Ability to enforce regulatory or contractual obligations Unauthorized use of data Confidentiality of data Availability of data Integrity of data Ability to test or audit a provider s environment Other Source: Deloitte Enterprise@Risk: Privacy and Data Protection Survey 30% 21% 15% 12% 9% 8% 6% 3% 10

What is Cloud Security? Confidentiality, integrity, availability of business-critical IT assets Stored or processed on a cloud computing platform Cloud Computing Software as a Service Utility Computing Grid Computing There is nothing new under the sun but there are lots of old things we don't know. Ambrose Bierce, The Devil's Dictionary 11

IBM Point of View: Security and Cloud Computing SOA Security + Secure Virtualized Runtime = Cloud Security 12

Security as a Potential Market Differentiator: Different Workloads have Different Risk Profiles High Need for Security Assurance Analysis & simulation with public data Mission-critical workloads, personal information Private High value / high risk workloads need Quality of protection adapted to risk Direct visibility and control Significant level of assurance Low Training, testing with non-sensitive data Public Hybrid Low-risk Mid-risk High-risk Today s clouds are primarily here: Lower risk workloads One-size-fits-all approach to data protection No significant assurance Price is key Business Risk 9/15/2009 13

IBM Cloud Security Offerings 14

IBM Cloud Security Guidance document Based on cross-ibm research and customer interaction on cloud security Highlights a series of best practice controls that should be implemented Broken into 7 critical infrastructure components: Building a Security Program Confidential Data Protection Implementing Strong Access and Identity Application Provisioning and De-provisioning Governance Audit Management Vulnerability Management Testing and Validation 15

Security governance, risk management and compliance IBM Security Framework Customers require visibility into the security posture of their cloud. Trust is critical. Implement a governance and audit management program Governance will be key to driving the trust and confidence customers will need. Provide access to tenant-specific log and audit data Create effective incident reporting for tenants IBM Cloud Security Guidance Document Visibility into change, incident, image management, etc. Establish 3rd-party audits (SAS 70, ISO27001, PCI) 16

People and Identity Customers require proper authentication of cloud users. IBM Security Framework Implement strong identity and access management Privileged Identity Management, privileged user monitoring, including logging activities, physical monitoring and background checking IBM Cloud Security Guidance Document Utilize federated identity to coordinate authentication and authorization with enterprise or third party systems A standards-based, single sign-on capability can help simplify user logons for both internally hosted applications and the cloud. 17

Data and Information Customers cite data protection as their most important concern. IBM Security Framework Ensure confidential data protection Use a secure network protocol when connecting to a secure information store. Implement a firewall to isolate confidential information, and ensure that all confidential information is stored behind the firewall. IBM Cloud Security Guidance Document Sensitive information not essential to the business should be securely destroyed. 18

Application and Process Customers require secure cloud applications and provider processes. IBM Security Framework Establish application and environment provisioning Implement a program for application and image provisioning. A secure application testing program should be implemented. Ensure all changes to virtual images and applications are logged. IBM Cloud Security Guidance Document Develop all Web based applications using secure coding guidelines. 19

Network, Server and End Point Customers expect a secure cloud operating environment. IBM Security Framework Maintain environment testing and vulnerability/intrusion management Isolation between tenant domains Trusted virtual domains: policy-based security zones Built-in intrusion detection and prevention IBM Cloud Security Guidance Document Vulnerability Management Protect machine images from corruption and abuse 20

Trusted Advisor Solution Provider Security Company The Company Security for the Cloud Security from the Cloud Security & Privacy Leadership 21

IBM Software

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information