Security in Web 2.0, Social Web and Cloud

Vinay Bansal Lead Security Architect, Web and Application Security Cisco Systems iFront Internet Conference 2009 2010 2011 Security in Web 2.0, Social Web and Cloud 2012

Objective at iFront Today ,[object Object],[object Object],[object Object],[object Object],[object Object]

Who am I ,[object Object],[object Object],[object Object],[object Object]

Cisco IT and Supported Web Applications ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

What is Social Web, Web 2.0 and Collaboration?

What is Web 2.0? ,[object Object],[object Object],[object Object],[object Object]

Web 2.0 - User Generated Data Who is providing the majority of content for these popular Web sites? - Users

Rich User Experience ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Usability and Interface beyond traditional Web-pages

Harnessing Collective Intelligence Architecture of participation Application that gets better with more people using it

Let’s twist these connections Users End Points Enablers Providers Data

Information Centric Security Users Data 1. Identify User, Authentication 2. Access to which data, Authorization 3. Secure Data Transfer : Encryption 4. Data Center Security 5. Data on Client : Client End Point Security

User’s Security Concerns (Social Sites) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Users

Application Provider’s Security Priorities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Regulations protecting end users Privacy Intellectual Property Business Continuity Regulatory Compliance HIPPA – Health PCI – Credit Cards EU Directive - …. Users Providers

Digital Rights and Data Privacy Challenges ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Malware Spread via Web 2.0/ Social Web ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Growing Challenge for Enterprises and users

Cisco Story - 1 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Cisco Story – 1 .. Cont. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Cisco Story - 2 ,[object Object],[object Object],[object Object],[object Object]

Cisco Story - 3 SDLC Secure Coding Training Application Vulnerability Assessment (AVA) Architecture Review Application Firewall Threat 3: How to continually improve Application Security? Tying Application Security Practice with Software Development Life Cycle (SDLC)

Cloud Computing and Security Challenges

Cloud Computing? ,[object Object],[object Object],[object Object],[object Object]

Cloud : A big shift for IT ,[object Object],[object Object],[object Object],Public Cloud Private Cloud

Types of Clouds Software as a Service (SaaS) Platform as a Service (SaaS) Infrastructure as a Service (SaaS)

Cloud Computing : Security Risks …1 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Cloud Computing : Security Risks …2 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Cloud Computing : Security Risks …3 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Emerging Trend : Borderless Enterprises

Borderless Enterprise Enterprise Virtualization Communication & Collaboration Remote Desktop (RDE) VNC & Term Server VMWare App/Svc Resiliency Mobile Device Evolution Platform Option Expansion Ubiquitous Connectivity (WiFi, VPN) Global Workforce Sharing & IP Telephony Platforms Web 2.0 Real-time & Customized Interaction Emerging Business Models “ Any Device, Anywhere” 2001-7 2008 2011 * 2010 2009

Drivers for Borderless Enterprise *Single Source of Truth **Born in 1980’s - early 90s

Borderless Enterprise : Security Risks Services Data Assets “ Trusted” Internal Externalizing Trend Externalized Services Company Owned User Owned

Emergence of End Point Reputation based Security ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Location Behavior Device Ownership Local Policy Simple Userid/Pwd

Cisco: Achieving Borderless Enterprise ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Summarizing and Looking Forward ,[object Object],[object Object],[object Object],[object Object]

“ Our adversaries only have to be right once .”

Contact Information ,[object Object],[object Object],[object Object],[object Object],[object Object]

Security in Web 2.0, Social Web and Cloud

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (20)

Similaire à Security in Web 2.0, Social Web and Cloud

Similaire à Security in Web 2.0, Social Web and Cloud (20)

Plus de ITDogadjaji.com

Plus de ITDogadjaji.com (20)

Dernier

Dernier (20)

Security in Web 2.0, Social Web and Cloud