Secure Cloud Computing Architecture (SCCA)

Similar documents
Secure Cloud Computing Architecture (SCCA)

Welcome to the DISA Cloud Symposium

Cloud Overview. Mr. John Hale Chief, DISA Cloud Portfolio February, 2018 UNITED IN SERVICE TO OUR NATION UNCLASSIFIED 1

Defense Information Systems Agency (DISA) Department of Defense (DoD) Cloud Service Offering (CSO) Initial Contact Form

CLOUD SECURITY CRASH COURSE

The Oracle Trust Fabric Securing the Cloud Journey

ArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young

White Paper Impact of DoD Cloud Strategy and FedRAMP on CSP, Government Agencies and Integrators.

Security

Passwords Are Dead. Long Live Multi-Factor Authentication. Chris Webber, Security Strategist

Migrating Applications to the Cloud

ADC im Cloud - Zeitalter

O365 Solutions. Three Phase Approach. Page 1 34

State of Cloud Adoption. Cloud usage is over 90%, are you ready?

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

IBM 00M-646. IBM WebSphere Sales Mastery Test v5. Download Full Version :

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

Secure Access & SWIFT Customer Security Controls Framework

DISA Cybersecurity Service Provider (CSSP)

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Securing Your Cloud Introduction Presentation

Security Readiness Assessment

Installation Guide Revision B. McAfee Cloud Workload Security 5.0.0

PrecisionAccess Trusted Access Control

the SWIFT Customer Security

2018 Hands-on Guide. F5 Azure SACA. F5 Networks, Inc.

INFORMATION ASSURANCE DIRECTORATE

Deploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP)

What is milcloud 2.0?

CIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products

A CISO GUIDE TO MULTI-CLOUD SECURITY Achieving Transparent Visibility and Control and Enhanced Risk Management

SUSE Linux Enterprise 15. #MultimodalOS

epldt Web Builder Security March 2017

Cisco CloudCenter Solution with VMware

Episerver Digital Experience Cloud Norge Thechforum 2017

Microsoft Security Management

BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE

CSP 2017 Network Virtualisation and Security Scott McKinnon

Introducing. Secure Access. for the Next Generation. Bram De Blander Sales Engineer

Cloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com

AKAMAI WHITE PAPER. Enterprise Application Access Architecture Overview

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

McAfee Public Cloud Server Security Suite

HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.

Security Considerations for Cloud Readiness

An Open Architecture for Hybrid Delivery

Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and

Introduction To Cloud Computing

Container Deployment and Security Best Practices

Automate the Lifecycle of IT

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

vrealize Production Test Upgrade Assessment Guide

The Challenge of Cyberspace Defense and CSSP Services

Self-driving Datacenter: Analytics

Cybersecurity Capabilities Overview

AWS Well Architected Framework

Embracing a Secure Cloud. Cloud & Network Virtualisation India 2017

IBM SmartCloud Notes Security

Compliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

vrealize Suite Lifecycle Manager 1.0 Installation and Management vrealize Suite 2017

Course AZ-100T01-A: Manage Subscriptions and Resources

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Securing Windows Server 2016

Online Services Security v2.1

Cloud Security Best Practices

Go mobile. Stay in control.

2013 AWS Worldwide Public Sector Summit Washington, D.C.

Azure Marketplace Getting Started Tutorial. Community Edition

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Deploying Tableau at Enterprise Scale in the Cloud

Forecast to Industry Program Executive Office Mission Assurance/NetOps

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security

Cloud Customer Architecture for Securing Workloads on Cloud Services

Five Essential Capabilities for Airtight Cloud Security

F5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe

Changes to UCR 2008, Change 2, made by UCR 2008, Change 3 for Section 5.3.6, Multifunction Mobile Devices

vrealize Suite Lifecycle Manager 1.1 Installation, Upgrade, and Management vrealize Suite 2017

Azure Marketplace. Getting Started Tutorial. Community Edition

Secure Access - Update

Security as Code: The Time is Now. Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS

Securing Containers Using a PNSC and a Cisco VSG

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

TIBCO Cloud Integration Security Overview

Deploying and Operating Cloud Native.NET apps

Service Description: Advanced Services Fixed Price. CloudCenter Advise and Implement Medium (ASF-DCV1-G-CC-ME)

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Title: Planning AWS Platform Security Assessment?

Best Practices in Securing a Multicloud World

Securing Containers Using a PNSC and a Cisco VSG

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

DreamFactory Security Guide

Virtual Tech Update Intercloud Fabric. Michael Petersen Systems Engineer, Cisco Denmark

Forecast to Industry 2016

Hardened Security in the Cloud Bob Doud, Sr. Director Marketing March, 2018

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Understanding Cloud Migration. Ruth Wilson, Data Center Services Executive

"Charting the Course... MOC C: Securing Windows Server Course Summary

20533B: Implementing Microsoft Azure Infrastructure Solutions

Transcription:

Secure Cloud Computing Architecture (SCCA) Program Overview Susan Casson PM, SCCA May 15, 2018 UNITED IN IN SERVICE TO OUR NATION 1

Service Overview: Why SCCA? SCCA connects the DoD to Infrastructure and Software as a Service off and on premise commercial cloud environments at impact level 4/5 The portfolio includes four services: boundary, application, and management level security capabilities Onboarding and service requirements: https://disa.deps.mil/org/sd/sd8/scca/missionpartners AWS GovCloud Microsoft Azure & O365 USDA Cloud milcloud 2.0 IBM SalesForce Oracle Cloud Cloud Access Points: Provides connectivity to approved cloud providers, and protects the DISN from cloud originated attacks Virtual Data Center Security Stack: Virtual Network Enclave Security to protect applications and data Virtual Data Center Managed Services: Application host security, patching, configuration, and management. Trusted Cloud Credential Manager: Enforce role based access control and least privileged access 2

Cloud Management Roles and Responsibilities Infrastructure Software DISA Cloud Connection Approval Onboarding Checklist Approved cloud vendor System Network Approval Process (SNAP) Registration Internet Protocol Registration Cybersecurity Service Provider Authority to Operate DISA or Mission Partner Managed Cloud Service Provider Managed Applications Data Runtime Middleware O/S Virtualization Servers Storage Applications Data Runtime Middleware O/S Virtualization Servers Storage Shared Management Cloud Service Provider Managed Networking Networking 3

Features Overview Boundary Defense: Connect to approved Level 4/5 providers and protect DoD networks Web Application Firewalls: Prevent targeted attacks; cross-site scripting, forceful browsing, cookie poisoning, and invalid input SCCA Connect. Secure. Manage. Next Generation Firewalls: Virtual appliance architected to identify network traffic and implement policies in a mission-centric fashion Host Based Security Service: Develop cloud-based orchestration for security policies, upgrades, and reporting Connect: Access DoD approved level 4/5 cloud service providers. Secure: Extend application and data-level security services to the cloud. Manage: Obtain custom analytics and intelligence data for host based security and role based access controls. Assured Compliance Assessment Solution: Manage roles, scan zones, and policies System Patching: Cloud-based DoD patch repositories Recursive DNS Caching: Forward and cache external DNS queries 4

Boundary CAP (BCAP) 1.0 Overview Key Features NIPRnet connectivity support for IaaS and SaaS clouds Security tools focused on protecting the DISN from the cloud Operational and security intelligence data via logging and Netflow 5

VDSS and VDMS 1.0 Overview VDSS Key Features Traditional DMZ security features for public facing web applications Next Generation Firewall for protecting cloud hosted workloads VDMS Key Features Cloud connected management and security tools Cloud privileged user access and account management Central search and display of CAP and Cloud logs via Splunk 6

TCCM 1.0 Privileged Access Management Service Privileged password management and control SSH Key security and management Session manager to control and monitor privileged user access to IaaS clouds and hosted instances Bastion host for access into all management and security services 7

8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback