Seguridad en la Nube Javier Liendo, Consultor de Seguridad para Cisco México / Grupo Dice Congreso Mundo Contact Mexico 2012

1. Javier Liendo, CSE Security
jaliendo@cisco.com
Mexico City May 15th, 2012
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved.
C97-694080-00 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

2. • Cloud Security – What’s changed?
• Cloud Threats – What are new
threats specific to cloud?
• Cisco Cloud Security
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

3. “Cloud computing is a model for
enabling convenient, on-demand
network access to a shared pool of
configurable computing resources
that can be rapidly provisioned and
released with minimal management
effort or service provider interaction.”
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

4. 1. Cloud Software as a Service (SaaS)
Use provider’s applications over a network
2. Cloud Platform as a Service (PaaS)
Deploy customer-created applications to a cloud
3. Cloud Infrastructure as a Service (IaaS)
Rent processing, storage, network capacity, and other
fundamental computing resources
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

5. Private cloud
Enterprise owned or leased, may reside on or off premise
Community cloud
Shared infrastructure for specific community with common
concerns/goals
Public cloud
Sold to the public, mega-scale infrastructure
Hybrid cloud
Composition of two or more clouds
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5

6. Hosted/Private
Private Cloud Virtual Cloud Public Cloud Public Cloud
(Iaas) (IaaS) (IaaS) (SaaS)
Data Data Data Data
App App App App
VM VM VM VM
Server Server Server Server
Storage Storage Storage Storage
Network Network Network Network
“They” are in Security
IT is in control Shared control
control
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6

7. Old New
Protect the Data (and Application)
Protect the Perimeter
Protect the Hypervisor
Place it in the right security VMs in motion need to move with
zone ‘attached’ security policy
Zones are static Zones are dynamic and on the move!
Virtualization means machine to
Machine to machine traffic
machine traffic never leaves the host
can be seen on ‘the wire’
Trust the ‘insider’ Pervasive Distrust
Any shared resources need security
Dedicated is secure
scrutiny
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

8. Experience
Agility
Economics
Security
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

9. Policy
Corporate Border
Applications
and Data
Corporate Office
Branch Office
Attackers Partners Customers
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9

10. Policy
Corporate Border Platform Infrastructure
Applications as a Service as a Service
X
and Data Software
as a Service
as a Service
Corporate Office
Branch Office
Home Office
Airport
Mobile Coffee
User Attackers Partners Customers Shop
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10

11. Policy
Corporate Border Platform Infrastructure
Applications as a Service as a Service
X
and Data Software
as a Service
as a Service
Corporate Office
Branch Office
Home Office
Airport
Mobile Coffee
User Attackers Partners Customers Shop
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11

12. 2 Public Cloud
• Threat defense
• Secure multitenancy
• Secure communications
VDC1
1 Cloud Customer Cisco® ScanSafe
Cisco IronPort® VDC2
• Policy management Email Web Security
• Access control
• Threat defense vPC
• DLP
Internet IPsec/SSL
Campus
IPsec/SSL Cisco Security Intelligence
Operations (SIO) Active Cisco Identity
Directory Services Engine
Cisco Cisco VXI Cisco Cisco
AnyConnect™ UCS™
TrustSec®
Cisco ASA Cisco
3 1000V VSG
Private Cloud
Cisco
• Secure multitenancy ASA VMs
• Separation of duties 5585-X
• Data protection Virtualization
Hypervisor
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12

13. Related
Secure Cloud Cloud Security Secure
AS Security
Infrastructure as a Service Cloud Access
Services
• Cisco ASA 5585; ASA • Cisco ScanSafe • Secure SaaS access • Secure Cloud
SM; ASA1000V Web Security and Discovery Service
Filtering • Cisco AnyConnect™
• Cisco Nexus® 1000V • Security PDI
switch • CiscoIronPort® • Cisco TrustSec®
Cloud, Managed, • IT-GRC Services
• Cisco Virtual Security • Cisco Identity
and Hybrid Email Services Engine
Gateway Security
• VPN
• Cisco SIO
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13

14. • Cloud Security – What’s changed?
• Cloud Threats – What are new
threats specific to cloud?
• Cisco Cloud Security
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14

15. Thank you.
C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15