Security Models for Cloud

Similar documents
Securing the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

Certification Exam Outline Effective Date: April 2015

Accelerate Your Cloud Journey

Copyright 2011 EMC Corporation. All rights reserved.

Cloud First Policy General Directorate of Governance and Operations Version April 2017

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

On Demand Cryptographic Resources for Your Virtual Data Center and the Cloud: Introducing SafeNet s Crypto Hypervisor

Cloud Computing An IT Paradigm Changer

Cloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com

Mitigating Risks with Cloud Computing Dan Reis

Cloud Infrastructure and Operations Chapter 2B/8 Page Main concept from which Cloud Computing developed

The Challenge of Cloud Security

CSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES. Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance

Cloud Computing, SaaS and Outsourcing

Developing, Deploying and Managing Applications on the Cloud

Jim Reavis CEO and Founder Cloud Security Alliance December 2017

Privacy hacking & Data Theft

Certification Exam Outline Effective Date: August 1, 2019

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

Enterprise & Cloud Security

Enhanced Privacy ID (EPID), 156

The Road to a Secure, Compliant Cloud

Agenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Cloud Computing Introduction & Offerings from IBM

Cisco Expo The Journey to the Cloud. Axel Clauberg, SE Director Solutions & Architectures, CTO, Emerging Markets

Future Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013

Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group

De kracht van IBM cloud: hoe je bestaande workloads verhuist naar de cloud

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Auditing the Cloud. Paul Engle CISA, CIA

Contents. Contents (ix) Chapter 1 EVOLUTION OF CLOUD COMPUTING. Chapter 2 INTRODUCTION TO CLOUD COMPUTING. (ix)

Accelerate Your Enterprise Private Cloud Initiative

How to avoid storms in the cloud. The Australian experience and global trends

Managing SaaS risks for cloud customers

Cloud Computing Overview. The Business and Technology Impact. October 2013

Orchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud

Cloud Services. Infrastructure-as-a-Service

Why the cloud matters?

The Business of Security in the Cloud

Strong Security Elements for IoT Manufacturing

The Three Data Challenges

Cloud-Security: Show-Stopper or Enabling Technology?

CLOUD SECURITY CRASH COURSE

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC

2-4 April 2019 Taets Art and Event Park, Amsterdam CLICK TO KNOW MORE

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control

Cloud Strategies for Addressing IT Challenges

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

The threat landscape is constantly

VMware Hybrid Cloud Solution

CCISO Blueprint v1. EC-Council

SOARING THROUGH THE CLOUDS IT S A BREEZE

Microsoft Security Management

Cloud Customer Architecture for Securing Workloads on Cloud Services

Cloud Computing in the enterprise: Not if, but when and how?

SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD. May 2012

Securing Your Cloud Introduction Presentation

Building Trust in the Era of Cloud Computing

Enterprise Cloud Computing. Eddie Toh Platform Marketing Manager, APAC Data Centre Group Cisco Summit 2010, Kuala Lumpur

Practical Guide to Cloud Computing Version 2. Read whitepaper at

NS2 Cloud Overview The Cloud Built for Federal Security and Export Controlled Environments. Hunter Downey, Cloud Solution Director

THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES

Cloud Security Alliance Quantum-safe Security Working Group

Network Implications of Cloud Computing Presentation to Internet2 Meeting November 4, 2010

OpenStack Seminar Disruption, Consolidation and Growth. Woodside Capital Partners

CLOUD COMPUTING ABSTRACT

Practical Guide to Platform as a Service.

IBM Cloud for VMware Solutions

Securing the Cloud Today: How do we get there?

Journey to the Cloud. Jeff Hoehing, Principal Consultant

CLOUD COMPUTING. The Old Ways Are New Again. Jeff Rowland, Vice President, USAA IT/Security Audit Services. Public Information

How to ensure control and security when moving to SaaS/cloud applications

Copyright 2011, Oracle and/or its affiliates. All rights reserved.

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

Choosing the Right Cloud Computing Model for Data Center Management

Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC)

How unified backup and cloud enable your digital transformation success

1/10/2011. Topics. What is the Cloud? Cloud Computing

The NIS Directive and Cybersecurity in

Third Party Cloud Services Its Adoption in the New Age

Cloud Essentials for Architects using OpenStack

How Credit Unions Are Taking Advantage of the Cloud

Cloud Computing Private Cloud

Modelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer

Building a More Secure Cloud Architecture

CLOUD GOVERNANCE SPECIALIST Certification

SafeNet HSM solutions for secure virtual amd physical environments. Marko Bobinac SafeNet PreSales Engineer

Topics of Discussion

Bring Your Own Device. Peter Silva Technical Marketing Manager

CLOUD COMPUTING. Rajesh Kumar. DevOps Architect.

Service Provider Consulting

Cloud Computing: The Next Wave. Matt Jonson Connected Architectures Lead Cisco Systems US and Canada Partner Organization

Building Hybrid Clouds

COMPLIANCE IN THE CLOUD

Oktober 2018 Dell Tech. Forum München

CLOUD COMPUTING. Lecture 4: Introductory lecture for cloud computing. By: Latifa ALrashed. Networks and Communication Department

Qualys Cloud Platform

A guide for IT professionals. implementing the hybrid cloud

Transcription:

Security Models for Cloud Kurtis E. Minder, CISSP December 03, 2011

Introduction Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson Business Development Global Account Manager Actual work: Installation / Configuration Design Support Product development / POC Audit Penetration testing Sales / BD

CISSP Certification Access Control Application Security Business Continuity and Disaster Recovery Planning Cryptography Information Security and Risk Management Legal, Regulations, Compliance and Investigations The CISSP was the first credential in the field of information security, accredited by the ANSI (American National Standards Institute) to ISO (International Standards Organization) Standard 17024:2003. CISSP certification is not only an objective measure of excellence, but a globally recognized standard of achievement. Operations Security

Agenda Security Consolidation The Business Need Cloud Security Models Cloud Security Security for Cloud Apps Additional Security Concerns Who Pays this Guy?

Cloud, Defined NIST Definition* Cloud computing is a model for enabling ubiquitous, convenient, ondemand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. *SP800-145

Cloud Cloud Security, what does that mean? Clean Pipe or Security Services as a Utility Shared Services Model (Multi-tenancy) Integrating with the carrier backbone Cloud Computing SAAS, IAAS, PAAS need Security! How to provision? Is it VM? Is it appliance?

Security as a Service

Security as a Service (Cloud Security) Alternative to purchasing premise equipment Often provided by an Managed Security Services Provider / Carrier No capital expenditure Outsource log / compliance responsibilities

M S S Managed Security Services, Why? Operational Benefits No Capital Expenditure Displaced Accountability Pure play vs. Bundled Services / Utility Model Cloud vs. CPE

Cloud Security / Clean Pipe MPLS NETWORK VPLS ID VLAN ID VDOM Private Network

Cloud Security Example Customer C Office 1 Customer B MPLS Data Center Customer A Internet Customer C Office 2 VLAN VLAN VLAN VLAN VDOM VDOM VDOM VDOM

Cloud Computing / Security

Why move to cloud computing? Offsite Storage Elastic Services Pay as you go Utility Computing No capital expenditure Disaster Recovery App Replication Mobility applications BYOD Support

Cloud Computing Offerings Infrastructure as a Service (Sometimes Hardware as a Service HAAS) Outsourcing of equipment to SP - Examples are Storage, Processing, Elastic Computing Platform as a Service Outsourcing of the computing platform to SP - Allows for custom development and flexibility (OS or web platform delivered as a service) Software as a Service Complete application outsourced (WP, SF.com, etc.)

Securing Cloud Applications Most cloud applications are virtualized Hypervisor is a fundemental component Hypervisor is a program that allows multiple operating systems to share a single hardware host. Each operating system appears to have the host's processor, memory, and other resources all to itself. However, the hypervisor is actually controlling the host processor and resources, allocating what is needed to each operating system in turn and making sure that the guest operating systems (called virtual mahines) cannot disrupt each other. * Three primary methods of securing cloud apps Extra-Hypervisor Intra-Hypervisor Host *thanks techtarget

Extra-Hypervisor Security Outside the VM platform Typically an appliance Pros: Fast / Mature Security Applianc e Security Applianc e Cons: Lack of Visibility into VM space VM VM VM VSWITCH VM VM VM VSWITCH HYPERVISOR

Intra-Hypervisor Security VM based Typically leverages API for integration with the hypervisor Pros: Visibility to intra-vm communication Cons: Takes CPU from VM execution VM Security VM VM VM VM VM VSWITCH Security VM VM VM VM VSWITCH HYPERVISOR

The VM Security Problem VSwitch is not a switch VMWare has retracted some API options High Availability is more complicated Takes Resources from VM application operations Easy to create new applications!

Protected Provisioning VM security element is dynamically created based on policy. Application templates are pre-defined UTM Policy templates are pre-defined Mail Server -> FW VM, IDP, AntiSpam Web Server -> FW VM, WAF <- Automatic VA

The Wormhole Many security products have built in virtualization What happens when you virtualize them? Root Web Security VDOM Mail Security VDOM SAP Security VDOM Security VM Web Server VM Mail Server VM SAP Server VM Hypervisor

Combined Architecture Security VM With Virtualization Web Servers DB Servers Mail Servers Collaboration Servers Internet Vswitch NIC Intranet Vswitch NIC Vswitch Vswitch Vswitch VM Kernel Hypervisor MGMT Security Appliance Security Appliance Network

Additional Security Concerns

Do you *trust* Your Provider? Multi-tenant Data Stores...what does that mean? Cross contamination If another cloud customer is compromised, can it spread? Is the Hypervisor hardened? How is log data handled/stored? Forensics / Incident Response

The Legal Lag If an incident occurs, what is the provider s responsibility? How can log data be extracted? How quickly? Can data evidence be extracted in a legally admissible format? Does the contract allow you to run Incident Response test plans? Will the provider participate?

Cloud Security Alliance and NIST

NIST References NIST Definition of Cloud Computing: SP 800-145 Guidelines on Security and Privacy in Public Cloud Computing: SP 800-144 U.S. Government Cloud Computing Technology Roadmap, Release 1.0: SP 500-293

Cloud Security Alliance (CSA) Vendor and customer supported organization driving standards in cloud computing and cloud security. Sees itself as a standards incubator Works closely with the Federal Government and NIST

Security Guidance Security Guidance for Critical Areas of Focus in Cloud Computing. 14 Domains - Version 3.0 - http://www.cloudsecurityalliance.org Cloud Architecture Business Continuity and Disaster Recovery Governance and Enterprise Risk Management Data Center Operations Legal: Contracts and Electronic Discovery Incident Response Compliance and Audit Notification and Remediation Information Management and Data Security Application Security Portability and Interoperability Encryption and Key Management Traditional Security Identity and Access Management Virtualization and Security as a Service

CSA STAR STAR = CSA SECURITY, TRUST AND ASSURANCE REGISTRY Cloud providers self assess their security Launched in Q4 of this year https://cloudsecurityalliance.org/star/faq/

Concluding Business finance objectives pushing enterprises to the cloud Managed Services / Utility and Cloud Security offers a viable alternative to self managed Evolution of physical to virtual driving security architecture in new directions Policy and Process must be automated to ensure proper compliance and protection for virtual assets The legal and audit standards have not caught up to cloud adoption There is hope, NIST / CSA

I Work @ FTNT Founded in 2000 Nasdaq Listed FTNT ~1600 Employees Over 600k units shipped Over 100k customers

Thank You! Questions?

Consolidate, they said. Gartner IDC Frost & Sullivan Point of Failure, Multiple Consoles, Troubleshooting Difficulty, Licensing

U T M Unified Threat Management Fortinet Maintains the Lead Cisco and Juniper Follow Why UTM? Consolidated Approach Economic Benefits Architectural Benefits <-- Not Rhetorical Security Benefits (Best of breed not best after all?)

Case Study - UTM Massive Organization Too Many Internet Connections Too Many Devices Too Many Vendors Too Many Management Consoles Carrier Partner Delivers Connectivity Hosted Security in Wiring Center Multitenant Multi-discipline (UTM) Customer Portal

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback