Projecting Enterprise Security Requirements on the Cloud
Case Study - Cloud

Presented by:
Billy Cox – Director Cloud Computing Strategy, Intel
Blake Dournaee – Product Manager & Author - SOA Demystified, Intel

Topic Agenda
[Graphic label: Enterprise Requirements]
•   Enterprise Risk Factors & Criteria
•   What can Enterprise Control
•   Emerging Standards & Models
•   What Can be Done Today
•   Summary of Intel Cloud Capabilities

Potential Risk - Illustrated
[Diagram labels: Amazon EC2; Keys to the Castle; Enterprise VM Images]
Basic Auth Enterprise Credentials Compromised For Access

Potential Risk - Illustrated
[Diagram label: Amazon EC2]
Rogue Image Trojan Injected Amongst Enterprise VMs

Potential Risk - Illustrated
[Diagram label: Amazon EC2]
Virus replayed back in Enterprise
Data sent and lost to unknown source

Enterprise Risks & Security Interests

Risk: Insecure, Porous APIs
    Enterprise: Major Risk. Man in the middle, content threats, code injection, DoS attacks
    Provider: Don’t care. API security converges along with market price

Risk: Logical Multi-Tenancy
    Enterprise: Unknown Risk. Virtual machine attacks, malicious code, commingled data
    Provider: Don’t care. Security of the multi-tenant architecture is a problem for [Insert Hypervisor Vendor Name] to solve. Oh, and trust us that your data is separate from your neighbor

Risk: Data Protection and Leakage
    Enterprise: Major Risk. Reduced confidentiality for private data stored in the clear at the cloud provider
    Provider: Opposite incentive. Clear text data allows me to provide increased functions based on search

Risk: Data Loss and Reliability
    Enterprise: Major Risk. Unavailability or loss of critical enterprise data
    Provider: Care a little. Infrastructure reliability is guaranteed according to my SLA, plus you get a refund if we mess up ☺

Risk: Audit and Monitoring
    Enterprise: Major Risk. Rogue uses of cloud services in Enterprise
    Provider: Care a little. I will provide basic monitoring of infrastructure but the rest is up to you

Risk: Cloud Provider Insider Threats
    Enterprise: Unknown Risk. Mismatched security practices at CSP create a weak link for attackers
    Provider: Don’t care. We are secure enough. Just trust us.

Risk: Account Hacking, Access Control, and Authorization
    Enterprise: Major Risk. Coarse access control at CSP increases the value of a stolen account
    Provider: Care a little. AAA mechanisms must be good enough to support my SaaS app. It’s your job to map to our way of handling identities.

Where does Control Lie?
[Diagram labels: Provider; Enterprise]

Four of the seven risks are directly under the enterprise control
•   Insecure, Porous APIs
•   Data Protection and Leakage
•   Audit and Monitoring
•   Account Hacking, Access Control, and Authorization

Short of a boycott, the remaining 3 are largely out of control…
•   Logical Multi-Tenancy
•   Data Loss and Reliability
•   Cloud Provider Insider Threats

DMTF Cloud Standards
SNIA Cloud Standards
Cloud - Eucalyptus
[Architecture diagram labels: Cloud Client (consumer); Customer Network; Lab Infrastructure; Caching Proxy; Router; Eucalyptus Cloud Infrastructure; Cloud Controller; Walrus Storage Service; Bulk Storage; iSCSI Storage Server; Cluster block storage and compute managers; Cluster Controller; Block Storage Controller; Power Manager; Power Management; Compute Clusters; Node Controller (repeated for each node)]
[Slide 10 comment KA3: Fix box titles (Kelly Anderson, 21/05/2010)]

Basic Model
[Diagram labels: Enterprise; User; IdM; Web Service Request; Cloud Provider; UDDI or Resource; Credentials & Policies; User Credentials & Policies; Security Profile; Internal IdM]
    • Authentication token
    • Customer access control policies
    • Customer data protection policies

Cloud Access through a Broker
[Diagram labels: Enterprise; User; IdM; Web Service Request; Cloud Broker; User Credentials & Policies; Credentials & Policies; Security Profile; UDDI or Resource; Internal IdM; External IdM; Broker Token; Cloud Service Provider; Broker Credentials & Policies; Security Profile; UDDI or Resource; Internal IdM]

#1 – Broker as Management Entry Point
[Diagram labels: Enterprise Consumer; IdM; Identity Reference; Request; Service Gateway; Cloud Provider; Cloud Mgr; Cloud Site 1; Cloud Site 2; Cloud Site 3]
    • Entry point for cloud management (not data, only mgmt)
    • Single point of entry and validation for all sites and Cloud Consumers
    • Consistent credentials validation

#2 – Broker as Outbound PEP
[Diagram labels: Enterprise Consumer; User (x3); Dynamic Perimeter; Private Cloud; UDDI or Resource; Cloud Provider 1; Cloud Provider 2]
    • Cloud customer accesses multiple clouds
    • Internal users don’t want to see that complexity
    • Broker directs based on policy and converts protocols as necessary
    • Secures provider access credentials

Public Cloud & SaaS
Private Cloud Virtual Gateway Usage Model
[Diagram labels: Enterprise; Portal & CRM App; IdM, Active Directory, ABAC; Dynamic Enterprise Perimeter; Service Virtualization; API & Token Broker; Private Cloud 1; Partner Private Cloud 2]
    1. User AuthN/Auth - SOAP/REST, Kerberos, Basic Auth, Siteminder, X.509
    2. Virtualize, Load Balance, Firewall, Generate SAML Token
    3. SOAP, REST or JSON SAML Response
In VPDC, Service Gateway protects access to Services, maps credentials, enforces ABAC, brokers protocols & formats

CloudBurst Security Using Virtual Gateway
[Diagram labels: Enterprise; IdM or Active Directory; Portal or Web Service; UDDI or Resource; Private Cloud; API & HSM; Dynamic Enterprise Perimeter; Amazon EC2 Storage Public Cloud; Force.com Apps Public Cloud]
    1. Request with Credentials to Access a Resource
    2. Locate Resource(s)
    3. Local Authentication
    4. Mapped to an AWS Credential in Request for Resource
    5. Generate SAML Request with Request for Resource to Force
Manage, secure, hide Cloud brokering complexity. Convert formats. Provide access control

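
The outbound-PEP broker bullets and the five CloudBurst steps above, as an added example that is not part of the original slides and is not Intel's product code. User names, resources, key ids and secrets are constructed; the HMAC signature and the signed "assertion" are simplified stand-ins for a provider's real request signing and for SAML.

```python
import hashlib
import hmac
import json


def pw_hash(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash for the constructed IdM entries below.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed enterprise IdM: user -> (salt, password hash, attributes).
IDM = {
    "alice": (b"salt-a", pw_hash("alice-pw", b"salt-a"), {"dept": "finance"}),
    "bob": (b"salt-b", pw_hash("bob-pw", b"salt-b"), {"dept": "marketing"}),
}

# Constructed "UDDI or Resource" registry: resource -> provider + ABAC rule.
REGISTRY = {
    "ledger-archive": {"provider": "public-storage",
                       "require": {"dept": "finance"}},
    "crm-leads": {"provider": "saas-crm",
                  "require": {"dept": "marketing"}},
}

# Provider credentials are held only by the broker, never by end users.
VAULT = {
    "public-storage": {"kind": "key", "key_id": "EXAMPLE-KEY-ID",
                       "secret": b"constructed-provider-secret"},
    "saas-crm": {"kind": "assertion", "issuer": "broker.enterprise.example",
                 "secret": b"constructed-assertion-key"},
}


def sign(secret: bytes, payload: str) -> str:
    return hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()


class Broker:
    """Outbound policy enforcement point between users and cloud providers."""

    def __init__(self):
        self.audit = []  # (user, resource, decision, detail)

    def deny(self, user, resource, reason):
        # Every refusal is recorded before the request is dropped.
        self.audit.append((user, resource, "deny", reason))
        raise PermissionError(reason)

    def handle(self, user, password, resource, action):
        # Steps 1 and 3: request arrives with enterprise credentials and is
        # authenticated locally against the enterprise IdM.
        record = IDM.get(user)
        if record is None or not hmac.compare_digest(
                record[1], pw_hash(password, record[0])):
            self.deny(user, resource, "authentication failed")
        attrs = record[2]

        # Step 2: locate the resource and the provider that serves it.
        entry = REGISTRY.get(resource)
        if entry is None:
            self.deny(user, resource, "unknown resource")

        # ABAC check: every required attribute must match the user's.
        if any(attrs.get(k) != v for k, v in entry["require"].items()):
            self.deny(user, resource, "attribute policy not satisfied")

        cred = VAULT[entry["provider"]]
        if cred["kind"] == "key":
            # Step 4: map to the provider credential. Only the key id and a
            # signature leave the broker; the secret stays in the vault.
            out = {"provider": entry["provider"], "resource": resource,
                   "action": action, "key_id": cred["key_id"],
                   "signature": sign(cred["secret"], f"{action}\n{resource}")}
        else:
            # Step 5: federated provider. The broker vouches for the user
            # with a signed assertion instead of a shared account.
            assertion = {"issuer": cred["issuer"], "subject": user,
                         "attributes": attrs, "resource": resource}
            out = {"provider": entry["provider"], "assertion": assertion,
                   "signature": sign(cred["secret"],
                                     json.dumps(assertion, sort_keys=True))}
        self.audit.append((user, resource, "allow", entry["provider"]))
        return out


if __name__ == "__main__":
    broker = Broker()
    print(broker.handle("alice", "alice-pw", "ledger-archive", "GET"))
    print(broker.audit)
```

Because credential mapping and the audit trail both sit in the broker, revoking a user in the enterprise IdM cuts off every provider at once, and the provider key can be rotated without touching any client.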
More Information on Intel SOA Expressway & Cloud
“This Intel paper brings new detail to Cloud Security Alliance best practices”
    – Jim Reavis, Executive Director, Cloud Security Alliance
www.dynamicperimeter.com

Questions?
Click on the questions tab on your screen, type in your question, name and e-mail address; then hit submit.

"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 

Dernier (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 

Projecting Enterprise Security Requirements on the Cloud

  • 1. Projecting Enterprise Security Requirements on the Cloud: Case Study. Presented by: Billy Cox, Director Cloud Computing Strategy, Intel; Blake Dournaee, Product Manager & Author of SOA Demystified, Intel
  • 2. Topic Agenda
      • Enterprise Risk Factors & Criteria
      • What can Enterprise Control
      • Emerging Standards & Models
      • What Can be Done Today
      • Summary of Intel Cloud Capabilities
  • 3. Potential Risk - Illustrated: Keys to the Castle. Basic Auth enterprise credentials compromised for access. [Diagram: Enterprise VM Images, Amazon EC2]
  • 4. Potential Risk - Illustrated: Rogue image Trojan injected amongst enterprise VMs. [Diagram: Amazon EC2]
  • 5. Potential Risk - Illustrated: Virus replayed back in Enterprise. Data sent and lost to unknown source. [Diagram: Amazon EC2]
  • 6. Enterprise Risks & Security Interests (risk, rating, enterprise concern, provider stance)
      • Insecure, Porous APIs (Major Risk). Enterprise: Man in the middle, content threats, code injection, DoS attacks. Provider: Don’t care. API security converges along with market price.
      • Logical Multi-Tenancy (Unknown Risk). Enterprise: Virtual machine attacks, malicious code, commingled data. Provider: Don’t care. Security of the multi-tenant architecture is a problem for [Insert Hypervisor Vendor Name] to solve. Oh, and trust us that your data is separate from your neighbor.
      • Data Protection and Leakage (Major Risk). Enterprise: Reduced confidentiality for private data stored in the clear at the cloud provider. Provider: Opposite incentive. Clear text data allows me to provide increased functions based on search.
      • Data Loss and Reliability (Major Risk). Enterprise: Unavailability or loss of critical enterprise data. Provider: Care a little. Infrastructure reliability is guaranteed according to my SLA, plus you get a refund if we mess up ☺
      • Audit and Monitoring (Major Risk). Enterprise: Rogue uses of cloud services in Enterprise. Provider: Care a little. I will provide basic monitoring of infrastructure but the rest is up to you.
      • Cloud Provider Insider Threats (Unknown Risk). Enterprise: Mismatched security practices at CSP creates a weak link for attackers. Provider: Don’t care. We are secure enough. Just trust us.
      • Account Hacking, Access Control, and Authorization (Major Risk). Enterprise: Coarse access control at CSP increases the value of a stolen account. Provider: Care a little. AAA mechanisms must be good enough to support my SaaS app. It’s your job to map to our way of handling identities.
  • 7. Where does Control Lie? (Provider vs. Enterprise)
      Four of the seven risks are directly under the enterprise control:
      • Insecure, Porous APIs
      • Data Protection and Leakage
      • Audit and Monitoring
      • Account Hacking, Access Control, and Authorization
      Short of a boycott, the remaining 3 are largely out of control…
      • Logical Multi-Tenancy
      • Data Loss and Reliability
      • Cloud Provider Insider Threats
  • 10. Cloud - Eucalyptus [Architecture diagram: cloud client on the customer (consumer) network; lab infrastructure with router and caching proxy; Eucalyptus cloud with cloud controller, Walrus storage service, cluster controllers, block storage controllers, power managers and node controllers in compute clusters; bulk storage infrastructure over iSCSI]
  • 12. Basic Model [Diagram: Enterprise (User, Internal IdM) sends a Request to the Cloud Provider (Web Service, UDDI or Resource, User Credentials & Policies, IdM, Security Profile)]
      • Authentication token
      • Customer access control policies
      • Customer data protection policies
  • 13. Cloud Access through a Broker [Diagram: Enterprise (User, Internal IdM) sends a Request to a Cloud Broker (Broker Credentials & Policies, User Credentials & Policies, Security Profile, Internal IdM, UDDI or Resource), which presents a Broker Token to the Cloud Service Provider (Web Service, UDDI or Resource, Broker Credentials & Policies, Security Profile, External IdM)]
  • 14. #1 – Broker as Management Entry Point [Diagram: Enterprise Consumer sends a Request to the Service Gateway at the Cloud Provider, which uses an IdM Identity Reference and fronts the Cloud Mgr for Cloud Sites 1, 2 and 3]
      • Entry point for cloud management (not data, only mgmt)
      • Single point of entry and validation for all sites and Cloud Consumers
      • Consistent credentials validation
  • 15. #2 – Broker as Outbound PEP [Diagram: Users inside the Dynamic Enterprise Perimeter reach a Private Cloud, Cloud Provider 1 and Cloud Provider 2 through the broker and a UDDI or Resource]
      • Cloud customer accesses multiple clouds
      • Internal users don’t want to see that complexity
      • Broker directs based on policy and converts protocols as necessary
      • Secures provider access credentials
  • 17. Private Cloud Virtual Gateway Usage Model [Diagram: Portal & CRM App and Partner; API & Token Broker with IdM, Active Directory, ABAC; Enterprise Service Virtualization; Private Cloud 1 and Private Cloud 2; Dynamic Enterprise Perimeter]
      1. User AuthN/Auth: SOAP/REST, Kerberos, Basic Auth, Siteminder, X.509
      2. Virtualize, Load Balance, Firewall, Generate SAML Token
      3. SOAP, REST or JSON SAML Response
      In VPDC, Service Gateway protects access to Services, maps credentials, enforces ABAC, brokers protocols & formats
  • 18. CloudBurst Security Using Virtual Gateway [Diagram: Portal or Web Service; API & HSM with Private IdM or Active Directory and UDDI or Resource; Enterprise Private Cloud; Amazon EC2 Storage (Public Cloud); Force.com Apps (Public Cloud); Dynamic Enterprise Perimeter]
      1. Request with Credentials to Access a Resource
      2. Locate Resource(s)
      3. Local Authentication
      4. Mapped to an AWS Credential in Request for Resource
      5. Generate SAML Request with Request for Resource to Force
      Manage, secure, hide Cloud brokering complexity. Convert formats. Provide access control
  • 19. More Information on Intel SOA Expressway & Cloud: “This Intel paper brings new detail to Cloud Security Alliance best practices” – Jim Reavis, Executive Director, Cloud Security Alliance. www.dynamicperimeter.com
  • 20. Questions? Click on the questions tab on your screen, type in your question, name and e-mail address; then hit submit.
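
The outbound broker flow on slides 15 and 18 (locate the resource, authenticate locally, enforce policy, map to a provider credential the user never holds) is shown below in code. This is an added example, not code from the presentation or from Intel's product; the user names, registry, policy table, vault contents and the plain HMAC request signature are constructed assumptions and do not reproduce the AWS or SAML wire formats.

```python
import hashlib
import hmac

# Constructed sample data: none of these names or secrets come from the slides.
def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

SALT = b"demo-salt"
IDM = {  # stand-in for the internal IdM / Active Directory
    "alice": {"pw": _pw_hash("correct horse", SALT), "dept": "finance"},
    "bob": {"pw": _pw_hash("hunter2", SALT), "dept": "marketing"},
}
REGISTRY = {  # stand-in for the "UDDI or Resource" lookup: resource -> provider
    "storage/ledger-2010": "public-cloud-a",
}
POLICY = {  # attribute-based rule: departments allowed to reach each resource
    "storage/ledger-2010": {"finance"},
}
VAULT = {  # provider credentials stay inside the broker (the HSM on slide 18)
    "public-cloud-a": ("DEMO-KEY-ID", b"demo-provider-secret"),
}

def broker_request(user: str, password: str, resource: str) -> dict:
    """Authenticate locally, authorize, then sign with the mapped provider key."""
    # Step 2: locate the resource; unknown resources fail closed.
    provider = REGISTRY.get(resource)
    if provider is None:
        raise LookupError("unknown resource")
    # Step 3: local authentication against the enterprise IdM.
    entry = IDM.get(user)
    supplied = _pw_hash(password, SALT)
    if entry is None or not hmac.compare_digest(entry["pw"], supplied):
        raise PermissionError("authentication failed")
    # Policy enforcement happens before any provider credential is touched.
    if entry["dept"] not in POLICY.get(resource, set()):
        raise PermissionError("policy denies access")
    # Step 4: the enterprise identity is mapped to the broker-held provider key.
    key_id, secret = VAULT[provider]
    message = f"GET\n{resource}\n{user}".encode()
    signature = hmac.new(secret, message, hashlib.sha256).hexdigest()
    # Only the key id and signature leave the broker, never the secret.
    return {"provider": provider, "key_id": key_id, "resource": resource,
            "on_behalf_of": user, "signature": signature}
```

Because the outbound request records `on_behalf_of`, the broker's own log can attribute each provider call to an enterprise user even though every call carries the same provider key.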