Future Architectures and Technologies John McLaughlin, IBM Corporation

1
Future Architectures and TechnologiesJohn
McLaughlin, IBM Corporation

• 22 September 2010

Approved for Public Release Distribution
Unlimited NCOIC-DefDaily-JFM20100917
2
Cloud and the Military

• Cloud Computing shows promise in the commercial
  world
• Cost, Schedule, and Performance parameters are
  encouraging
• Private cloud architectures in military context
  are another thing

3
Cloud and NAVAIR(Whats really needed..)

• Despite the IT cost savings, speed to deployment,
  and performance, cloud computing is not a viable
  military capability until the following are
  solved
• Foundational Cloud Computing
• Resilience
• Compliance
• Analytics
• Deep Packet Inspection
• Multi-tenancy

4
Foundational Work

• NCOIC, among others, is working this problem
• Cloud Computing WG is developing a Hybrid Cloud
  Computing pattern
• Potential for an NGA pilot
• The NCOIC Cyber Security IPT is working on the
  global authentication problem
• Solutions, technology independent
• IBM Mission Oriented Cloud Computing
• 10 month project to work the hard engineering
  problems for AF Cloud Computing
• Completion next month

5
FoundationalCloud Computing

• Federated Identity Management Capability
• Provide ability for external authentication
  (think coalition forces..)
• Process governance for approval purposes
• Automated and Request Driven Provisioning
• Foundational Service Discovery
• Operational Service Deployment
• Service Delivery Monitoring
• Operational Monitoring

6
Cloud Computing and Compliance

• Compliance provides distribution, revocation, and
  integrity services for security policies
• Prove identification and authentication
• Prove role provisioning capability
• Prove role based permissions authentication to
  identified entities
• Prove auditing of privileged user
• Prove patch management of end points

7
Cloud and Resilience

• Can we protect?
• Protection for the cloud infrastructure achieved
  through
• Network attack protection at the perimeter
• Virtual firewalls protecting servers
• Specialized database protection capabilities
• Can we rebuild?
• Reconstruction of damaged cloud resources
• Rapid restoration from gold copies
• Can we relocate?
• Relocation of virtualized resources
• Rapid relocation to a new VLAN

8
Analytics Know It NowDefend at Machine Speed

• Step One Collection
• Security and configuration logs
• Internal network sensors and network protection
  devices
• Servers
• Step Two Correlation and Reduction
• Ingest engine provides filtered sensor data to
  the analytics engine for classification and
  correlation
• Step Three Response
• The response engine initiates autonomic security
  policy changes

9
Deep Packet Inspection Is It Safe?

• Provide behavior-based, near real time detection
  and response to network level threats
• All network traffic is inspected for behavior
  based attacks
• TCP/IP level network traffic inspection detects
  out of spec protocols
• Behavior based allows zero day protection
• Detected threats cause autonomic security policy
  changes to be implemented

10
Multi-TenancyPeaceful, Secure Co-existence

• Validate VM Isolation Management
• Prove that data confidentiality exists between
  images
• Prove ability to detect and correct image
  provisioning anomalies
• Test that deployed VM images are correctly
  configured
• Show that corrective actions for mis-configured
  VM images can be applied
• Prove rapid provisioning capabilities
• Rapid deployment of new VM images
• Rapid provisioning of new images
• Rapid access by new users

11
The End

• Questions?
• Contact Information
• John McLaughlin, IBM Corporation
• 571.229.0453
• johnmcl_at_us.ibm.com
• Thank you