NIST Cloud Computing Security Working Group


NIST Cloud Computing Security Working Group
NIST Cloud Computing Security Reference Architecture
NIST Enterprise-Wide Data-Centric Computing Environment
February, 2013
Dr. Michaela Iorga, NIST, Computer Security Division
NIST Senior Cloud Computing Technical Lead
Chair, NIST Cloud Computing Public Security Working Group
Co-Chair, NIST Cloud Computing Public Forensic Science Working Group

NIST MISSION: To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
*Standards Acceleration to Jumpstart the Adoption of Cloud Computing (SAJACC) in transition to private sector

Deliverables: NIST Cloud Computing Security Working Group
1. "Challenging Security Requirements for the US Government Cloud Computing Adoption" white paper
   - released November, 2012
   - available on NIST CC twiki: http://collaborate.nist.gov/twiki-cloudcomputing/bin/view/cloudcomputing/cloudsecurity
2. NIST Cloud Computing Security Reference Architecture (work in progress)
   - a three-dimensional approach that considers:
     - the RA's actors (Consumer, Provider, Broker, Auditor, Carrier)
     - the cloud computing service models (IaaS, PaaS, SaaS)
     - the cloud mode of deployment (Public, Private, Community, Hybrid)
   - outcome: a framework that provides:
     - an architectural formal model;
     - a methodology for addressing security requirements.

NIST CC Security Reference Architecture - Approach
- NIST Security Reference Architecture formal model
- NIST Security Reference Architecture security components
- Mapping components to architecture
- NIST Reference Architecture + TCI Reference Architecture

NIST CC Reference Architecture (SP 500-292)

NIST CC Security Reference Architecture

NIST CC Security Reference Architecture formal model

NIST CC Security Reference Architecture
- NCC SWG leverages the Cloud Security Alliance's Trusted Cloud Initiative - Reference Architecture: https://cloudsecurityalliance.org/wp-content/uploads/2011/11/tci-reference-architecture-1.1.pdf

NIST Security Reference Architecture Data Aggregation

[Figure labels: Consumer's ITOS, S&RM and BOSS SCs; Organizational Support; Provider's Infrastructure SCs, Physical Security, S&RM, ITOS and BOSS SCs; Broker's ITOS and BOSS SCs; Carrier's S&RM, ITOS and BOSS SCs]

NIST CC Security Reference Architecture Ecosystem Orchestration Use Case Example
Use Case: USG Agency plans the migration of their Unified Messaging System (UMS) to the cloud.
Ecosystem Orchestration example presents:
1. UMS description
2. Cloud solution analysis
   - Identifies the security components
   - Applies a Security Index System to security components for the CIA security triad
   - Determines the Aggregated Security Index, a global value used to prioritize the security components' implementation
   - Highlights the importance of properly applying the Risk Management Framework
3. Defines a high-level architecture
   - Public SaaS Technical Broker + Provider with ATOs
4. SA and SLA negotiation

NIST Enterprise-Wide Data-Centric Computing Environment
http://csrc.nist.gov/pm/
1. A CSD Project (not part of the Cloud Computing Program).
2. Leverages the NIST research on Access Control mechanisms (the Policy Machines Project).
3. Developed as a proof of concept of a cloud computing secure environment.

NIST Enterprise-Wide Data-Centric Computing Environment
http://csrc.nist.gov/pm/
Cloud Consumer: Enterprise-Wide Data-Centric Computing Environment = Controlled Delivery of Data Service through AC
- DS = capability(Objects, Operations)
- Operations = read, manipulate, perform computations on, manage, and/or share
Cloud Provider: Infrastructure as a Service

NIST Enterprise-Wide Data-Centric Computing Environment
http://csrc.nist.gov/pm/
Benefits
1. Replaces multiple operating environments, each delivering different DSs, with a single operating environment delivering all DSs.
2. Creates a data-centric view: users can see and consume all their authorized data (regardless of its kind) under a single authenticated session.
3. Data interoperability among DSs.
4. Comprehensive policy enforcement across DSs.
5. Eliminates or reduces vulnerabilities due to AC in DSs.
6. The OE is object-type agnostic and the objects (data) of DSs naturally interoperate.

NIST Enterprise-Wide Data-Centric Computing Environment
http://csrc.nist.gov/pm/
Benefits
- IaaS is an OE that implements the Policy Machine and is composed of its functional components (i.e., PEPs, PDPs) that run in VMs.
- Users and objects are provisioned, and DSs are selected by the subscriber.
- DSs may be provided as SaaS or PaaS so long as they conform to the Policy Enforcement Point (PEP) API.
- Policies are imported from a library of predefined PM data and relation configurations, or configured from scratch by the subscriber (POLICYaaS).

Commercial Applications
- Available as open source this spring.
- What can a SaaS Cloud Provider do? A SaaS Cloud Provider may offer Enterprise-Wide Data-Centric Computing Environments to their Consumers.

Collaboration Opportunities
- Available as open source this spring.
- NIST will maintain the source.
- Collaboration on enhancing and maintaining the source is welcomed.

Contact Information
- For questions on NIST CC SRA: Dr. Michaela Iorga, NIST, michaela.iorga@nist.gov, 301-975-8431
- For questions on NIST EWDCCE: David Ferraiolo, NIST, david.ferraiolo@nist.gov, 301-975-3046
- For information on Collaboration and/or Technology transfer: Jack E. Pevenstein, NIST Technology Transfer Advisor, Technology Partnership Office, 301-975-5519, Jack.pevenstein@nist.gov
Thank you!