Oded Tsur - CA Cloud Security

Transcript

  • 1. Security management to, for, and from the cloud: CA’s Cloud Security Capabilities & Strategy. Oded Tsur, CISSP, Sr. Solution Strategist
  • 2. Cloud - Next Wave of IT Architectures. Copyright © 2010 CA. All rights reserved.
  • 3. Many Have Adopted Some Cloud Services; Some Have Adopted Many Cloud Services. Security of Cloud Computing Users – A Study of US & EMEA IT Practitioners, Ponemon Institute, May 12, 2010 http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf
  • 4. Why Adopt the Cloud? To Save $ & Time. Security of Cloud Computing Users – A Study of US & EMEA IT Practitioners, Ponemon Institute, May 12, 2010 http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf
  • 5. Who is Responsible For Security? Security of Cloud Computing Users – A Study of US & EMEA IT Practitioners, Ponemon Institute, May 12, 2010 http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf
  • 6. Do You Know Your Cloud Services? Security of Cloud Computing Users – A Study of US & EMEA IT Practitioners, Ponemon Institute, May 12, 2010 http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf
  • 7. IAM is #1 Area of Focus for Migration. Security of Cloud Computing Users – A Study of US & EMEA IT Practitioners, Ponemon Institute, May 12, 2010 http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf
  • 8. What is the Cloud? SaaS, PaaS, IaaS; Public Cloud, Hybrid Cloud, Private Cloud.
  • 9. Identity & Access Management - Defined. Before: many identities, many users, many applications, many admins. With a security policy: reduced identities and centralized administration. Benefits listed: easier administration; Single Sign-on; centralized security; reduced costs; reduced admin costs; user self-service; easier app dev; consistent admin across platforms; improved auditing for easier compliance; automation of IT processes.
  • 11. Unstructured Physical Boundaries. VM mobility beyond the server room: VMs can be copied or cloned; machine memory is accessible from the host; disk space can be accessed from storage. Challenging physical security: copying a VM = stealing a server from the server room; the virtual DC is distributed, not a mainframe.
  • 12. The 4th Dimension - Time. What happens when we revert to a snapshot? LOST audit events; LOST configuration; LOST security policy. Am I still compliant with my policy?
  • 13. Cloud Model Drives Security Implications: Control vs. Visibility. Diagram from Burton Group report, Cloud Computing Security in the Enterprise, July 2009.
  • 14. Cloud Model Drives Security Implications. Private Clouds are a Modern Form of Dedicated IT? Diagram from Burton Group report, Cloud Computing Security in the Enterprise, July 2009.
  • 15. Cloud Model Drives Security Implications. How do I manage my users’ SaaS accounts & their access? How do I collect & analyze SaaS security logs? Diagram from Burton Group report, Cloud Computing Security in the Enterprise, July 2009.
  • 16. Cloud Model Drives Security Implications. How do I define & enforce access policies in PaaS applications without creating more security silos? Diagram from Burton Group report, Cloud Computing Security in the Enterprise, July 2009.
  • 17. Cloud Model Drives Security Implications. How do I control privileged users in IaaS…both theirs & ours? Diagram from Burton Group report, Cloud Computing Security in the Enterprise, July 2009.
  • 18. IAM & Trust Before Cloud. Trust is established between the user & enterprise (or between the user & each application when applications are siloed). IAM is deployed on-premise. [Diagram labels: Enterprise; Corporate Directory “Identity Provider”; IAM; User; In-house Applications; Public; Remote user]
  • 19. Cloud Adoption & IAM: (1) Extend Enterprise Security To the Cloud; (2) Security For Cloud Providers; (3) Security From the Cloud. Trust Models Will Need to Change.
  • 20. (1) Extend Enterprise Security to the Cloud. Enterprises will use more SaaS applications & Cloud services. Trust model will be between user & enterprise. The on-premise IAM system “extends” out to the Cloud: provisioning and SSO to SaaS applications; Cloud Web Services for mashing applications; access governance (certification & attestation) extends to Cloud; log collection of Cloud applications. [Diagram labels: Public; Remote user; Enterprise LAN; Corporate Directory “Identity Provider”; IAM; User; Dir]
  • 21. (1) Extend Enterprise Security to the Cloud. Need to: provision users to SaaS applications (SFDC, Google, etc); SSO (SAML-based) & access control to SaaS applications; access control to Cloud-based Web Services for building mashed applications; log access to SaaS applications; control information while using SaaS applications.
  • 22. (1) Extend Enterprise Security to the Cloud. Need to / Solution: provision users to SaaS applications (SFDC, Google, etc): CA Identity Manager; SSO (SAML-based) & access control to SaaS applications: CA SiteMinder, CA Federation Manager; access control to Cloud-based Web Services for building mashed applications: CA SOA Security Manager; log access to SaaS applications: CA Enterprise Log Manager; control information while using SaaS applications: CA DLP.
  • 23. (2) Security to enable Cloud Providers. Enterprises providing private clouds & organizations providing public clouds. Security improvements needed to become more trusted: need to provide effective security controls; need to prove their controls through real time reporting; increase transparency of policies. [Diagram labels: Public Cloud with Customer 1, Customer 2, Customer n, each running App 1, App 2, App 3; Enterprise Private Cloud running App 1, App 2, App 3; each on Hypervisor, Hardware and IAM]
  • 24. (2) Entire CA IAM Solution for the Cloud. The control you need to confidently drive business forward. Control Identities: manage and govern identities and what they can access based on their role. Control Access: control access to systems & applications across physical, virtual & cloud environments. Control Information: find, classify and control how information is used based on content and identity. Products: CA Role & Compliance Mgr, CA Identity Manager, CA Access Control, CA SiteMinder, CA Federation Manager, CA SOA Security Manager, CA DLP, CA Enterprise Log Manager. Content Aware Identity and Access Management.
  • 25. (2) Security to enable Cloud Providers: Support Virtualization & extend control to the hypervisor. Support virtualization: secure virtual machines; log collection from virtual machines; secure privileged partitions. Manage complexity: deployment (security encapsulation); automation; extend policy management. Repeatable compliance: control identities, access and information; transparency of access and logs; Cloud-provider specific compliance requirements (e.g. SAS-70).
  • 26. (3) Security from the Cloud: Identity Services from the Cloud. Eventually even user identity (proofing, authentication, authorization/SSO, provisioning…) can be managed by a Cloud Service. Trust will be very different: user to Cloud security service. [Diagram labels: Cloud IM Service “Identity Provider”; Public; Remote user; Enterprise; Corporate Directory “Identity Provider”; IAM; App; User; Dir; In-house Applications]
  • 27. Cloud Adoption & IAM: (1) Extend Enterprise Security To the Cloud; (2) Security For Cloud Providers; (3) Security From the Cloud.
  • 28. Q&A. oded.tsur@ca.com