Trust: A Cloudy Concept Infrastructure Security in The Cloud - PowerPoint PPT Presentation

Loading...

PPT – Trust: A Cloudy Concept Infrastructure Security in The Cloud PowerPoint presentation | free to download - id: 61723d-NWU0O



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Trust: A Cloudy Concept Infrastructure Security in The Cloud

Description:

Cloud Computing. PrivateCloud. CloudComputing. Virtualized Data Center. Virtualization. Information. Federation. Internal cloud. External cloud. Delivering on-demand ... – PowerPoint PPT presentation

Number of Views:143
Avg rating:3.0/5.0
Slides: 25
Provided by: siliconin
Learn more at: http://www.siliconindia.com
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Trust: A Cloudy Concept Infrastructure Security in The Cloud


1
Trust A Cloudy ConceptInfrastructure Security
in The Cloud
  • Kartik Shahani
  • Country Manager - India SAARC
  • RSA, The Security Division of EMC

2
Agenda
  • Stages in the Journey to the Cloud
  • Security Concerns
  • Trust and Risks
  • Challenges
  • RSA Position to Secure Could Infrastructure
  • Case Scenario
  • Summary

3
Cloud Computing
Delivering on-demand access to shared pools of
data, applications, and hardware Efficient
Flexible Convenient Cost-effective
PrivateCloud
Virtualized Data Center
Internal cloud
External cloud
4
Stages in the Journey to the Cloud
5
51
Security is the greatest concern surrounding
cloud computing adoption.
  • Gain visibility
  • Maintain control
  • Prove compliance

6
Trusted Zones for the Cloud
Attackers
Information
Information
Virtual Infrastructure
Virtual Infrastructure
Identity
Identity
Physical Infrastructure
Cloud Provider
Tenant 1
Tenant 2
7
Trusted Zones Key Capabilities
Isolate infrastructure from Malware, Trojans and
cybercriminals
Anti-malware
Federate identities with public clouds
Identity federation
Cybercrime intelligence
Strong authentication
Tenant 2
Virtual Infrastructure
Isolate information among tenants
Control and isolateVM
Virtual infrastructure security
Data loss prevention
Tenant 1
Virtual Infrastructure
Isolate information from cloud providers
employees
Segregate and control user access
Encryption key mgmt
Access Mgmt
Tokenization
Physical Infrastructure
Governance, Risk, and Compliance
Security Info. Event Mgmt
Enable end to end view of security events and
compliance across infrastructures
8
Security Concerns
  • Today, cloud environments mainly host
    non-sensitive data due to security concerns.
  • If cloud computing is going to meet enterprise
    needs for confidentiality of customer data and
    compliance with legal directives, it will have to
    provide increased levels of security to support
    more sensitive enterprise applications.

9
The Risk of Cloud Computing
  • When organizations move their data into the
    public cloud, new stake holders are introduced in
    the form of third party service providers,
    vendors, and contractors
  • This loosens the controls IT has on data security

10
Challenges of Cloud Computing
  • Control Organizations will face reduced control
    of their data as more responsibility will shift
    to third parties.
  • Regulation Regulations govern the way data must
    be protected in many industries, meaning the
    cloud must have proper controls
  • Interoperability Todays clouds must be able to
    communicate with each other and offer data
    portability
  • Convenience Those using the cloud want both
    convenient access and secure data protection,
    creating a difficult balancing act.
  • Reporting To meet many of todays regulations,
    the ability to report where data is and how it is
    protected will be essential.
  • Data Transfer Business must find a way to
    transfer data into the cloud in a way that is
    both safe and cost effective.

11
RSA Protection in Action
1 Billion Applications shipped with BSAFE
Encryption
25 Year legacy in information security
200 Million Identities protected
34,000 Organizations protected
120,000 Phishing attacks shut down
Embedded in Microsoft, HP, Sun and IBM operating
systems, Internet Explorer and Netscape
browsers, Ericsson, Nokia, Motorola phones,
major US government agencies and the list goes on
12
Virtualization Enables More Effective Security
by Pushing Enforcement Down the Stack
Today most security is enforced by the OS and
application stack making it ineffective,
inconsistent and complex
  • Pushing information security enforcement in the
    virtualization and cloud infrastructure ensures
    consistency, simplifies security management and
    enables customers to surpass the levels of
    security possible in todays physical
    infrastructures

Physical infrastructure
13
VMware vShield Zones and RSA DLP Building a
Content-Aware Trusted Zone
Virtual Infrastructure
  • Overview
  • VMware vShield Zones provides isolation between
    groups of VMs in the virtual infrastructure
  • Leverages the capabilities of vShield Zones to
    deploy DLP as a virtual application monitoring
    data traversing virtual networks
  • Uses a centrally managed policies and enforcement
    controls to prevent data loss in the virtual
    datacenter
  • Customer Benefits
  • Pervasive protection
  • Persistent protection
  • Improved scalability

VMware vShield zones
DLP
DLP
DLP
DLP
VMware VSphere
Physical Infrastructure
14
Cloud Infrastructure The Next Frontier of Cloud
Security and Compliance
15
Problem Statement of Tenant
  • When using the cloud, a tenant is not in
    physical control of their infrastructure. How do
    they
  • Gain visibility into the Clouds IaaS?
  • Assess the actual security posture of the IaaS?
  • Trust those measurements of security?
  • Prove to auditors that the infrastructure they
    are running on is compliant?

16
Cloud Compliance Use Case
  • A tenant wants to run a business critical
    application in the cloud
  • Their requirements
  • Follow best security practices VMware hardening
    guidelines
  • Pass a PCI audit (they hold credit card data)
  • Be assured that they are booting from a secure
    root of trust (protection from inserted root kit
    and blue pill attacks)

17
RSA, VMware, and Intels Vision for Trusted
Cloud Computing Infrastructure
  • Advanced development proof of concept
  • Framework for measured, trusted cloud computing
    environment
  • Bottoms up automated security assessment
  • Leverages technologies from EMC (RSA and Archer),
    VMware and Intel
  • Allows Cloud Service Provider to report on
    configuration of virtual infrastructure used by
    customer VMs
  • Ties to a verifiable measurement of trust in the
    hardware and hypervisor

18
Cloud Compliance Architecture
19
Archer GRC Platform and Dashboard
20
Benefits
  • Tenants
  • Fast, accurate and efficient auditing and
    compliance process
  • Granular view of cloud providers performance
    against SLAs
  • Customized, flexible provisioning of trusted
    computing services
  • Finer grained policy control
  • Service Providers
  • Differentiated service offerings
  • Fast, accurate and efficient customer compliance
    audits
  • Automated, scalable process for on-board audits

21
RSA Capabilities
  • Understand risks
  • RSA Virtual Security Assessment Service
  • Secure virtual environments
  • SecurID
  • Integration with vSphere administrator access
  • Integration with VMware view user desktop access
  • Authentication Manager 6.1 and 7.1 supported when
    run as virtual applications on VMware
  • RSA Key Manager
  • Encryption client will integrate with
    applications virtualized by VMware
  • enVision Event Manager
  • Supports vSphere as an event source
  • EMC Proven Solution for Secure Exchange
  • RSA SecurID, DLP and enVision used to secure a
    virtualized Exchange infrastructure
  • Leverage virtual infrastructure increase
    security
  • Data Loss Prevention
  • Integration with DLP and VMware vShield Zones
  • Enable secure cloud computing
  • RSA Access Manager RSA Key Manager to secure
    access and data in the cloud
  • Adaptive Authentication available as a cloud
    security service

22
Next Steps in Shared Vision
  • Solutions offerings
  • Work with service providers to embed in cloud
    platforms
  • IaaS, PaaS, SaaS
  • Cloud platforms
  • Embedding security in the virtualized
    infrastructure
  • GRC automated IT control assessments
  • VCE / vBlock Network, storage
  • Federation, cyber-intelligence, access
    management, encryption
  • Patch, vulnerability, configuration management

23
For Terremark, demonstrating compliance on
shared, virtualized platforms has been a manual,
complex, and labor-intensive set of activities.
As a VMware Vcloud partner, when we can easily
prove compliance, security and control on
multi-tenant, virtualized infrastructure, it will
be incredibly compelling to our customers and our
own business. Chris Day, Chief
Security Architect, Terremark Worldwide
24
Thank you!
25
Guidance for Ensuring Security In the Cloud
P
Harden all hypervisors Set clear policies for
co-residency and be equipped to enforce
them Evaluate whether cloud vendors can deliver
on their promise Assess cloud providers methods
to attesting to infrastructure security Look for
automated dashboard services for monitoring and
compliance
P
P
P
P
26
Cloud Security Essentials Identity Security
  • Requirements
  • Customer Questions
  • Technical Questions Who Are My Neighbors?
  • Are there controls in terms of who else is using
    this cloud infrastructure?
  • Will my data be segregated so that others cannot
    access it?
  • Is there strong identity management both for
    customers and for employees?
  • Support of identity management tools for both
    users and infrastructure components
  • Strong authentication that goes beyond a simple
    username and password
  • Granular authorization such as role-based
    controls and IRM

Process/Policy Questions Is there good discipline
over separation of data, processes and
infrastructure?
27
Cloud Essentials Information Security
  • Customer Questions
  • Requirements
  • Technical Questions Information Sensitivity
  • What information will be going to the cloud?
  • Are there privacy or confidentiality issues?
  • Are there different levels of protection
    available for sensitive data?
  • Information Mobility
  • Where physically will the information be? Are
    there legal/sovereignty issues?
  • Can I be sure I get it all back and all copies
    are permanently deleted if I stop using the
    cloud vendor or infrastructure?
  • Policy-based content protection
  • Granular data security and enforcement
  • Effective data classification
  • Information rights management
  • Data isolation
  • Resource lifecycle management

Process/Policy Questions Will the cloud vendor
outsource any of its functions? Can I control
that?
28
Cloud Essentials Infrastructure Security
  • Requirements
  • Customer Questions
  • Appropriate controls, log collection, and
    reporting to assure compliance with regulations
  • Inherent component-level security
  • Granular interface security at data hand off
    points
  • Technical questions Transparency,
    Accountability, Trust
  • Can I meet audit and compliance requirements for
    the information or business process?
  • Can I gain visibility into whether security
    controls, and other best practices, are being
    deployed?

Process/Policy Questions Can I get insight into
hiring and training practices regarding privacy
and security? Can I trust the cloud service
provider?
29
RSA Positioning
  • RSAs Position
  • With the right approach, organization can extend
    virtual technologies into environments with
    sensitive data and ultimately increase security
  • RSAs Approach
  • An information-centric, risk-based approach
    security designed to help organizations
  • Understand risks
  • Secure virtual environments virtualize security
    controls
  • Leverage virtual infrastructure
  • Enable secure cloud computing
  • The Customer Benefit
  • Accelerate the proliferation of virtualization
    and increase security
About PowerShow.com