Security in Cloud Environments

Security in Cloud Environments
Joern Mewes, Security Product Manager (joern.mewes@nokia.com)
16-11-2016

Cloud transformation happens in phases and will take 5+ years

Steps into the cloud (timeline: Now, 2016+, 2020+):
- Carrier grade clouds typically in silos following operator units
- Distributing and connecting across the datacenter architecture
- Logically integrated cloud infrastructure, cloud-scaled and optimized network services

Telco Cloud: secure, five 9s, low latency, colossal data

[Diagram labels: Network cloud, Operator IT, OSS/BSS, enterprise cloud, Radio, IT & enterprise]

Source: IDC, Nokia analysis

Cloud security is different: Nightmare or next hope?

John Chambers, former CIO of Cisco: "You'll have no idea what's in the data center. That is exciting to me as a network player. But it is a security nightmare and it can't be handled in traditional ways."

Vivek Kundra, Executive Vice President, Industries, Salesforce.com: "Cloud computing is far more secure than traditional computing, because (cloud) companies can attract and retain cyber-security personnel of a higher quality than many governmental agencies."

Top 3 Security Risks in Cloud Environments

- Virtualization Weakness: How to preserve isolation?
- Dynamicity and Site motion: How to cope with constant and automated changes?
- Trust Gap: How to guarantee trust and integrity?

The threats are real

Hypervisors are becoming the cloud's security Achilles heel

Analysts predict it will get much worse...

The vulnerabilities are there. It will happen, it's just a matter of time

hackers are quite aware that a successful attack at hypervisor layer represents an opportunity to penetrate the entire machine regardless of the security controls within each host.

Labs Report 2015: Beyond application sandboxing, McAfee Labs predicts that 2015 will bring malware that can successfully exploit hypervisor vulnerabilities to break out of some security vendors' standalone sandbox systems.

Business agility requires a re-thinking of how security gets implemented

- Systems and services are launched and retired faster than security teams can identify, analyze, and track
- Physical boundaries between trusted and untrusted security domains do not exist anymore
- Security policies are enforced primarily by manual configuration and executed audits and processes
- Classical perimeter security systems in front of the cloud:
  - Are missing topology and network information of the cloud
  - Cannot cope with the scaling requirements of the cloud
  - Do not see inter-VM traffic
  - Are usually not integrated in the cloud-based orchestration processes

Data and software integrity protection

Data protection:
- Cloud providers are seen as being responsible for data protection and privacy
- Shared data layer / block storage systems need to consider service-specific requirements for data privacy
- The number of open interfaces for data exchange increases significantly
- Autonomous VNF/service inter-communication requires a new way to authenticate and authorize data access

Software integrity protection:
- Software integrity takes on greater significance.
- Software integrity comprises the whole lifecycle of virtualized applications, which can be roughly divided into the supply chain, the boot/launch and the runtime phase
- Software integrity must be maintained across different operating systems, software versions and patch levels

[Diagram labels: Core Cloud (MME, IMS, HLR, GW, BSC), Radio Cloud, SDN Networks, OSS Cloud]

Cloud security is a layered approach

1. Security orchestration & lifecycle management
2. Cloud aware firewall: enforcement points & VNF security functions
3. Security element manager: security configuration & administration
4. Secure virtualized infrastructure / hypervisor hardening
5. Physical security functions & SDN security functions

[Diagram labels: OSS/BSS; Cloud Security Director; Cloud Orchestrator; VNF Manager; Security Element Manager; Application / Network Management, deployment & monitoring; CAM*; FCAPS; VNF (IMS, vFW, HLR, MME, OneNDS, GW); Hypervisor (VMware, OpenStack); Infrastructure (Compute, Storage, Networking); Software Defined Networking (SDN); Virtual Infrastructure Manager]

Security Orchestration: automate security processes within your cloud

- Dynamic Security Policies
- Security Incident Monitoring
- Threat response
- Security Orchestration Agility & Automation
- VNF and Hypervisor Hardening
- Security baseline checking and compliance management
- Trust Engine for Cloud

Cloud firewall requirements

Next generation security to support cloud computing

- Virtualized Security VNFs purpose-built for cloud environments
- Strict separation of control and data-plane
- Scalable data-plane for performance growth
- Full MANO integration meaning automated lifecycle management for:
  - Deployment: HEAT Orchestration template (HOT)
  - Healing
  - High Availability
  - Scaling-UP / Scaling-OUT
- Seamless SDN integration for automated policy changes
- Security becomes part of the network fabric

Cloud firewall requirements

- High capacity due to support of:
  - CPU pinning and CPU isolation
  - DPDK for fast packet processing
  - SR-IOV for HW virtualization
  - Direct PCI access from VM
  - Intel QuickAssist technology for crypto operations
- Flexible deployment model (pay once, use everywhere in your cloud)
- No need for UTM anymore
- Standardized hardware, virtualization and MANO/SDN integration allow the deployment of use-case-specific security safeguards from various vendors

How Network Security gets implemented into Cloud

[Diagram labels: Security Service Chain (Anti DDoS, WAF, IDS/IDP, FW, NAT); Cloud Orchestrator; Security Orchestrator; SDN; Mobiles; IoT; Others]