Cloud Security

 Abstract:
 Cloud security, or security for the cloud, is neither a "big bang" nor
 something completely new. It is a transformation process: taking existing
 methodologies and technologies and adapting them to the cloud business
 road you are taking.

 This is not limited to technology assets; it also covers policies,
 processes and, of course, the handling of (business) expectations.

 What might such a roadmap look like, and is it limited to security only?




Ulf Feger
Security Architect, CISSP, COBIT Practitioner (ISACA)
Cloud Security & Security Solutions
IBM Security Systems Division

Member of the Board, Cloud Security Alliance, German Chapter
Cloud & Security


    Customer Expectations and Experiences
     Healing by touching, or: the cloud is the devil
     The Cloud, of course with Security, solves all our security challenges; we will have no
      problems anymore
     Open discussions: I know what I know, and to be honest, tell me what I should know
     What you tell me is not cloud security, that's security
     The roadmap to Cloud & Security

     Customer expectations towards IBM
       – Understand their environment (based on the information given)
       – Understand their security concepts & architecture (based on the information given)
       – Be able to talk to network people, software architects, security architects
       – Provide insight, give feedback

     What we do:
       – All of the above
       – Open discussions in a highly political environment
       – Offer more input based on existing material such as the BSI MindMap
       – Feed people with new ideas such as VSP; cloud security is more than just techie stuff

    Transformation
           of Security, of Security Awareness, of the Need for Security

                  The Fortress

    Who is attacking our networks?



    Zeus Crimeware Service

                                 "Hosting costs $50 for 3 months.
                                 This includes the following:

                                 # Fully set up ZeuS Trojan with configured FUD binary.
                                 # Log all information via Internet Explorer
                                 # Log all FTP connections
                                 # Steal banking data
                                 # Steal credit cards
                                 # Phish US, UK and RU banks
                                 # Host file override
                                 # All other ZeuS Trojan features
                                 # Fully set up MalKit with stats viewer integrated.
                                 # 10 IE 4/5/6/7 exploits
                                 # 2 Firefox exploits
                                 # 1 Opera exploit"

                                 We also host normal ZeuS clients for $10/month.
                                 This includes a fully set up zeus panel/configured binary

    FUD = fully undetectable



    Transformation
           of Security, of Security Awareness, of the Need for Security

                  The Fortress                      The User



                       - Ernst & Young
                       - Daimler
                       - Deutsche Bank
                       - wecon-it consulting
                       - TU Darmstadt
                       - Siemens
                       - Fraunhofer AISEC
                       - Verizon
                       - Suse/Novell
                       - Vodafone
                       - Siemens Communications
                       - NetApp
                       - T-Systems
                       - Detecon
                       - IBM
                       - more coming soon

Cloud Reference Architecture

for Enterprise Architects

        Risk versus Potential

     Risk is doing something, and
         risk is not doing it.
                                   from the CISM Review Manual 2012



 IBM Cloud Computing Reference Architecture

 The IBM CC RA represents the aggregate experience
 across hundreds of cloud client engagements and
 the implementation of IBM-hosted clouds
     – Based on knowledge of IBM's services, software & system experiences, including IBM Research

 The IBM Cloud Computing Reference Architecture (CC RA) is reflected in the design of
     – IBM-hosted cloud services

 (Diagram: the CC RA roles and layers. Roles: Cloud Service Consumer (Cloud Service Integration Tools,
 Consumer In-house IT), Cloud Service Provider, Cloud Service Creator (Service Creation Tools).
 Cloud Services, top to bottom: Existing & 3rd-party services and Partner Ecosystems,
 Business-Process-as-a-Service, Software-as-a-Service, Platform-as-a-Service,
 Infrastructure-as-a-Service, Infrastructure. The Common Cloud Management Platform (CCMP) with
 Operational Support Services (OSS) and Business Support Services (BSS) sits beside the service layers.
 Cross-cutting bands: Security, Resiliency, Performance & Consumability; Governance.)

      OpenGroup submission: http://www.opengroup.org/cloudcomputing/uploads/40/23840/CCRA.IBMSubmission.02282011.doc
      CCRA Whitepaper on ibm.com:
      http://www.ibm.com/common/ssi/cgi-bin/ssialias?infotype=SA&subtype=WH&appname=GTSE_CI_CI_USEN&htmlfid=CIW03078USEN&attachment=CIW03078USEN.PDF

Cloud Computing Reference Architecture (CC RA) – Security, Resiliency, Performance & Consumability drill-down

 (Diagram: the same CC RA layout as the previous slide, with the Security, Resiliency,
 Performance & Consumability band and Governance expanded into the components below.)

     Security
       - Security Event Management
       - Software, System & Service Assurance
       - Access & Identity Lifecycle Management
       - Security Policy
       - Data and Information Protection
       - Governance
       - Threat & Vulnerability Management
       - Security Entitlement
       - Data policy enforcement

     Resiliency
       - Data Resiliency
       - Resiliency Compliance Assessment
       - Configuration for Resiliency
       - Resiliency Policy Management
       - Resiliency Monitoring / Analysis
       - Availability & Continuity Management

     Consumability
       - Ease of Doing Business
       - Readily Adapts
       - Positive First Use Experience
       - Simplified Operations
       - Rapidly Integrates

                                                                                                             © 2011 IBM Corporation

 Architecture Principles

                                     IBM Security Framework: Business Security Reference Model

 (Diagram: a layered model, read top to bottom.)

     Business security domains:
       Governance, Risk, Compliance (GRC) | People and Identity | Data and Information |
       Application and Process | IT Infrastructure: Network, Server, End Point | Physical Infrastructure

     Foundational Security Management:
       Software, System and Service Assurance | Identity, Access and Entitlement Management |
       Data and Information Protection Management | Threat and Vulnerability Management |
       IT Service Management | Command and Control Management | Security Policy Management |
       Risk and Compliance Assessment | Physical Asset Management

     Security Services and Infrastructure:
       Security Info and Event Infrastructure | Identity, Access and Entitlement Infrastructure |
       Security Policy Infrastructure | Crypto, Key and Certificate Infrastructure |
       Service Management Infrastructure | Storage Security | Host and End-point Security |
       Application Security | Network Security | Physical Security

     Security Service Levels, over the shared data:
       Code and Images | Policies | Identities and Attributes | Events and Logs |
       Designs | Config Info and Registry | Operational Context | IT Security Knowledge |
       Data Repositories and Classification

Cloud Governance - GRC

 .. hey .. and what else?
 .. and what's the meaning of G R C?

     The majority of corporations avoid the use of cloud computing because of
     security and governance risks and a lack of trust in the service provider1)

           Obstacles for Cloud Projects

               Question: "Do you use cloud computing solutions already, or do you
               plan to use them in the near future?"
                       No: 54%           Yes: 46%

               Question: "For which reasons have you decided not to use cloud computing
               solutions (multiple answers are possible)?"
               (Bar chart, scale 0% to 60%; reasons as listed on the chart, top to bottom:)
                 - Risk of loss of governance and control
                 - Inadequate data security / availability
                 - Open compliance or legal issues
                 - Doubts in regard to the long-term availability of the offering
                 - Risk of a vendor lock-in
                 - No commercial benefit
                 - Licence issues

     1)
          "Cloud Computing in Germany" – Survey results from Deloitte and BITKOM, January 2011


 Requirements – Cloud Computing & Security (plus GRC + ..)
     Security topics – technical & process related

      Data Security & Data Privacy
      Access Management & Identity Management - IAM
      Application and Service Provisioning incl. Removal
      Application and Systems Test incl. Data Pro- and De-Provisioning
      Service Level Agreement – SLA Management
      Vulnerability Management – Detection, Scoring, Removal
      Threat Analysis
      Service Availability incl. local/national load balancing
      Auditability & Governance (GRC – Governance, Risk & Compliance)
      Cross-border compliance with the law, e.g. personal data & processes

 (Diagram: the topics arranged around "Cloud Services" and the "Cloud Computing Model".)

 Cloud from the viewpoint of Export Regulations (ER)
     An export takes place when ..

      Cross-border clouds – the data crosses the border

      Distributed service offerings mean
          the server and data stay in the local country

          Who gets which kind or type of root access to/for what?

 (Diagram: "Cross Border Cloud Computing" with "Root Access" called out.)


     Understand Compliance requirements – Data Privacy – Data Security

      Expectation
        1  Improvement in Security, Reduction in Cost, Load Optimization
        2  Inner Security, Outer Security, Operational Security
        3  Focus: "What do I really need?"
        4  "How do I prove?"
        5  Traceability & verifiability & auditability

      Goal
        Security Compliance Management, built from:
          - understanding business risks and threats
          - security guidelines, rules, policies
          - monitoring & detection
          - awareness, implementation & automation

      Risk
        Risk appetite?
        Cloud workload -> risk assessment / analysis / accreditation / certification


     Business processes, use cases, assets

     Matrix items to evaluate, each per C – Confidentiality, I – Integrity, A – Availability:
       - authentication (item1)
       - data transfer (item2)
       - ..

     Potential Damage (rows) versus Probability (columns). Entries are item-aspect, e.g. i2-c = item 2,
     confidentiality. Cell positions are reconstructed from the slide layout and are approximate; the slide
     prints both "high" and "very high" probability as (4).

       Damage \ Probability | impossible (0) | low (2) | medium (3)         | high (4)   | very high (4)
       high (4)             |                |         | i5-c, i5-i, i5-a   | i2-a, i2-c |
       medium (3)           |                | i1-c    | i2-c, i3-c, i3-i   | i1-a       |
       low (2)              |                |         | i4-i, i7-a         |            |
       insignificant (1)    |                |         |                    |            |
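The matrix above is the slide's only instruction: evaluate each item per C/I/A, place it by potential damage and probability, and compare the result with the risk appetite from the previous slide. The following is an added worked example (not code from the deck or from IBM) that does that placement and ranking for a small constructed register. The ordinal scales are taken from the slide; the scoring rule (damage times probability), the appetite as an inclusive score threshold, the item labels i1..i8 and their placements are all assumptions made for the example.

```python
"""Risk matrix builder: places assessment items (evaluated per C, I, A) on a
damage-versus-probability grid and ranks them against a risk appetite.

Added example, not from the original slide deck. Assumptions: the ordinal
scales are the slide's (damage insignificant=1 .. high=4, probability
impossible=0 .. high=4, 'very high' printed as 4 exactly as on the slide);
score = damage * probability and the appetite threshold are NOT on the
slide and are chosen here for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Ordinal scales as printed on the slide. 'very high' collapses onto 'high'
# because the slide scores both as 4 (assumption: we keep it as printed).
DAMAGE = {"insignificant": 1, "low": 2, "medium": 3, "high": 4}
PROBABILITY = {"impossible": 0, "low": 2, "medium": 3, "high": 4, "very high": 4}
ASPECTS = ("C", "I", "A")  # confidentiality, integrity, availability


@dataclass(frozen=True)
class RiskItem:
    item: str         # matrix item, e.g. "i1" for authentication (hypothetical label)
    aspect: str       # one of ASPECTS
    damage: str       # key of DAMAGE
    probability: str  # key of PROBABILITY

    def __post_init__(self):
        # Reject anything outside the slide's scales instead of scoring garbage.
        if self.aspect not in ASPECTS:
            raise ValueError(f"unknown aspect {self.aspect!r}")
        if self.damage not in DAMAGE:
            raise ValueError(f"unknown damage level {self.damage!r}")
        if self.probability not in PROBABILITY:
            raise ValueError(f"unknown probability {self.probability!r}")

    @property
    def label(self) -> str:
        return f"{self.item}-{self.aspect.lower()}"  # slide notation, e.g. i2-c

    @property
    def score(self) -> int:
        # Assumption: multiplicative scoring; the slide only shows the grid.
        return DAMAGE[self.damage] * PROBABILITY[self.probability]


def build_matrix(items):
    """Map (damage level, probability level) -> labels placed in that cell."""
    cells = defaultdict(list)
    for it in items:
        cells[(DAMAGE[it.damage], PROBABILITY[it.probability])].append(it.label)
    return dict(cells)


def rank_against_appetite(items, appetite):
    """Items by descending score, each tagged with whether it reaches the
    appetite threshold (assumption: inclusive score threshold)."""
    ordered = sorted(items, key=lambda it: (-it.score, it.label))
    return [(it.label, it.score, it.score >= appetite) for it in ordered]


def render(items):
    """Text version of the slide grid: damage rows (high on top), probability columns."""
    cells = build_matrix(items)
    cols = [("impossible", 0), ("low", 2), ("medium", 3), ("high", 4)]
    lines = []
    for dname, dlevel in sorted(DAMAGE.items(), key=lambda kv: -kv[1]):
        row = [f"{dname:>13} ({dlevel})"]
        for _, plevel in cols:
            row.append(",".join(cells.get((dlevel, plevel), [])) or "-")
        lines.append(" | ".join(row))
    lines.append(" " * 18 + " | ".join(f"{n} ({lv})" for n, lv in cols) + "  <- probability")
    return "\n".join(lines)


# Constructed sample register, loosely following the labels printed on the slide.
SAMPLE = [
    RiskItem("i1", "C", "medium", "low"),        # authentication, confidentiality
    RiskItem("i1", "A", "medium", "high"),
    RiskItem("i2", "C", "high", "high"),         # data transfer
    RiskItem("i2", "A", "high", "high"),
    RiskItem("i3", "C", "medium", "medium"),
    RiskItem("i3", "I", "medium", "medium"),
    RiskItem("i4", "I", "low", "medium"),
    RiskItem("i5", "C", "high", "medium"),
    RiskItem("i5", "I", "high", "medium"),
    RiskItem("i5", "A", "high", "medium"),
    RiskItem("i7", "A", "low", "medium"),
    RiskItem("i8", "I", "high", "impossible"),   # score 0: high damage but cannot occur
]

if __name__ == "__main__":
    print(render(SAMPLE))
    for label, score, over in rank_against_appetite(SAMPLE, appetite=12):
        print(f"{label:6} score={score:2} {'TREAT' if over else 'accept'}")
```

The point of the zero-probability entry is the one the slide's "impossible (0)" column makes implicitly: a high-damage item that cannot occur drops out of the treatment list entirely, so the probability estimate deserves as much scrutiny as the damage estimate before a workload is accredited.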
Concepts, Processes, Tools

The Roadmap towards Cloud Security
                -
     a Transformation Process
The Roadmap to where?

      Cloud transformation phases to your own cloud.
      Where's your Security? Does it fit your risk appetite?

 (Diagram: five phases side by side, each with IT processes above and business processes alongside,
 joined by transitions numbered 1 to 4. The "Exp:" row gives the security example for each phase.)

        Phase 1  Consolidation / Elimination      Exp: Baseline Security Approval
        Phase 2  Virtualization                   VSP, SIEM
        Phase 3  Standardization                  Compliance rules, Workflows
        Phase 4  Automatization                   Approval Reporting
        Phase 5  Cloud(ization)                   GRC -> Target


     4 (simple) examples of underestimated threats

 (Diagram: four stacked views of a virtualized environment, each showing Resources on top of
 Virtualization (PowerVM, VMware, KVM, ...); each example is marked with an x.)

Requirements and Challenges
to cover and solve

     https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Minimum_information/SecurityRecommendationsCloudComputingProviders.html

   BSI Eckpunktepapier – Sicherheitsempfehlungen für Cloud Computing Anbieter
   (Security Recommendations for Cloud Computing Providers)

   More sources:

   • IT-Grundschutz
   • BSI-Standard 100-2/100-4
   • ISO 27001/2
   • Cloud Security Alliance – German Chapter,                       cloudsecurityalliance.org
   • ISF – Information Security Forum,                               www.securityforum.org
   • TMForum – TeleManagement Forum,                                 www.tmforum.org
   • Euro Cloud e.V.                                                 en.eurocloud.de/

https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Mindestanforderungen/Eckpunktepapier-Sicherheitsempfehlungen-CloudComputing-Anbieter.pdf?__blob=publicationFile


         the result ..

     To get the MindMap contact ulf.feger@de.ibm.com

     Supporting Security landscape – What is the aim of my security?

 (Diagram: the identity and access layer of the Common Cloud Management Platform, labelled "dynamic adaptation".)

     Entry points: Desktop/Client connection, HTTP (incl. SOAP/HTTP) connection, Web Services connection

     Repositories: Security Policy Repository, Identity Repository (Person & Account), Identity Store, HR System

     Common Cloud Management Platform functions: Admin, User, User Self-service, Identity Synchronisation,
       Reporting, Workflow & Lifecycle, Entitlement Policy, Auditor, Provisioning Engine, Provisioning,
       Reconciliation, Management Domain, SSO Policy Mgmt, WS Policy Mgmt, Fed SSO Conf., Web Policy Mgmt, Admin(s)

     Cloud Services side: Policy Enforce(ment) in front of Web App, Portal and HTTP Server;
       Web Authentication and Web Single Signon; Authorization

     IBM products mapped onto the landscape:
      Tivoli Identity Manager (TIM)
      Tivoli Access Manager for e-business (TAMeb)
      Tivoli Federated Identity Manager (TFIM)
      Tivoli Security Policy Manager (TSPM)
      Tivoli Access Manager for Enterprise Single Signon (TAM E-SSO)
      Tivoli Compliance Insight Manager (TCIM)
                                                                                                        HTTP Server
                                                            Authorization




                                                                                                                                                                      Web
      Consumer
                                                                                                                                                                      App




                                                                                                                                                                                                                                                                                                                      Enterprise Single Signon

                                                                                                                                                                                                                                                                                                                                                  User Authentication
                                                                                                                                                                                          Web
                                    Internet                                                                                                                                              App

                                                                                                                                                                                                                 Other                                                                                                                                                  Employee/
                                                            FedSSO
                                                             A&A                                                  FedSSO                                                                     BSS                 Apps                                                                                                                                                     Staff
                                                                                                                    A&A
                                                                                                         WS                                  ESB
       Business
                                                                                                       Gateway                              (SOA)                                                                                       Windows
                                                                                                                                                                                                                                        Windows
                                                                                                                                                                                                                                        Windows
                                                                                                                                                                                                                                         Apps
                                                                                                                       Policy                                                                                                            Apps
                                                                                                                                             Identity                                                                                    Apps
                                                                                                                      Enforce                Mapping                                                                  Enterprise
                                                                                                                                                                                                                         Dir
                                                                                 Collect




                                                                                                                       Collect




                                                                                                                                            Collect




                                                                                                                                                                    Collect




                                                                                                                                                                                                       Collect




                                                                                                                                                                                                                         Collect




                                                                                                                                                                                                                                                 Collect




                                                                                                                                                                                                                                                                                              Collect




                                                                                                                                                                                                                                                                                                                                                 Collect
                                                                                  Log




                                                                                                                        Log




                                                                                                                                             Log




                                                                                                                                                                     Log




                                                                                                                                                                                                        Log




                                                                                                                                                                                                                          Log




                                                                                                                                                                                                                                                  Log




                                                                                                                                                                                                                                                                                               Log




                                                                                                                                                                                                                                                                                                                                                  Log
                                                                                                                                                                                             OSS
                                                                                                                                                                                        Audit Log Consolidation

                                                                                                                                                    Audit Policy                                                         Compliance Reporting



30                                                                                                    Auditor                                                                                                                                                                                               Auditor
Cloud & Security


     Supporting Security landscape – What is the aim of my security?

    [Diagram (slide 31): the same Tivoli security landscape, now spanning a Cloud Platform and a Cloud Services zone. Legend: Desktop/Client Connection; HTTP (incl. SOAP/HTTP) Connection; Web Services Connection; Security Policy Repository; Identity Repository (Person & Account). Products: Tivoli Identity Manager (TIM), Tivoli Access Manager for e-business (TAMeb), Tivoli Federated Identity Manager (TFIM), Tivoli Security Policy Manager (TSPM), Tivoli Access Manager for Enterprise Single Signon (TAM E-SSO), Tivoli Compliance Insight Manager (TCIM). Identity management (Management Domain): Admin, User Self-service, Identity Synchronisation, Reporting, Workflow & Lifecycle, Entitlement Policy, Provisioning Engine, Identity Store fed from the HR System, Provisioning and Reconciliation, plus SSO/WS/Fed/Web Policy Mgmt. Cloud Services zone: Web Authentication and Web Single Signon (Portal, HTTP Server, Web App, Authorization), FedSSO A&A, WS Gateway, ESB (SOA) with Policy Enforce and Identity Mapping, BSS, OSS, Other Apps, Enterprise Dir, Windows Apps with Enterprise Single Signon and User Authentication. Actors: Consumer and Business over the Internet, Employee/Staff, Admin(s), Auditor. Each component has a Collect/Log feed into Audit Log Consolidation, governed by an Audit Policy, producing Compliance Reporting for the Auditor.]

31
Cloud & Security




    [Diagram (start): the identity management block of the previous slide redrawn as a Common Cloud Management Platform (Admin, User Self-service, Identity Synchronisation, Reporting, Workflow & Lifecycle, Entitlement Policy, Provisioning Engine, Identity Store fed from the HR System, Management Domain, Provisioning, Reconciliation, SSO/WS/Fed/Web Policy Mgmt, Admin(s), Auditor), with Policy Enforce in front of a Cloud Services zone offering Web Authentication and Web Single Signon (Portal, HTTP Server, Web App).]




                                                                                                                                                                                                                                                           Authorization
                                                                            HTTP Server
                               Authorization




                                                                                                                                         Web
     Consumer
                                                                                                                                         App




                                                                                                                                                                                                                                                                                          Enterprise Single Signon

                                                                                                                                                                                                                                                                                                                      User Authentication
                                                                                                                                                             Web
                Internet                                                                                                                                     App

                                                                                                                                                                                     Other                                                                                                                                                  Employee/

                                                                                                                                                                     BSS
                               FedSSO                                                                                                                                                Apps                                                                                                                                                     Staff
                                 A&A                                                  FedSSO
                                                                                        A&A
                                                                              WS                                ESB
     Business
                                                                            Gateway                            (SOA)                                                                                        Windows
                                                                                                                                                                                                            Windows
                                                                                                                                                                                                            Windows
                                                                                                                                                                                                             Apps
                                                                                           Policy                                                                                                            Apps
                                                                                                                Identity                                                                                     Apps
                                                                                          Enforce               Mapping                                                                   Enterprise
                                                                                                                                                                                             Dir
                                                    Collect




                                                                                          Collect




                                                                                                               Collect




                                                                                                                                       Collect




                                                                                                                                                                           Collect




                                                                                                                                                                                             Collect




                                                                                                                                                                                                                     Collect




                                                                                                                                                                                                                                                                  Collect




                                                                                                                                                                                                                                                                                                                     Collect
                                                     Log




                                                                                           Log




                                                                                                                Log




                                                                                                                                        Log




                                                                                                                                                                            Log




                                                                                                                                                                                              Log




                                                                                                                                                                                                                      Log




                                                                                                                                                                                                                                                                   Log




                                                                                                                                                                                                                                                                                                                      Log
                                                                                                                                                           Audit Log Consolidation

                                                                                                                       Audit Policy
                                                                                                                                                                   OSS                       Compliance Reporting




                                                                          Auditor                                                                                                                                                                                               Auditor

32
Cloud & Security




     [Diagram: the same security reference architecture as slide 32. Management Domain / Common Cloud Management Platform: Admin Admin., User Self-service, Identity Synchronisation, Reporting, Workflow & Lifecycle, Entitlement Policy, Identity Store, HR System, Auditor, Provisioning Engine, Reconciliation / Provisioning, SSO / WS / Fed SSO / Web Policy Management, Admin(s). Cloud Services (BSS / OSS): Policy Enforcement, Web Apps, Portal, HTTP Server, Authorization, Web Authentication and Web Single Signon, Enterprise Single Signon and User Authentication for Employee/Staff, Other Apps, Windows Apps, Enterprise Dir. Consumer and Business access over the Internet through FedSSO A&A, Policy Enforcement, WS Gateway, ESB (SOA) and Identity Mapping. Every component has Collect / Log arrows into Audit Log Consolidation, governed by an Audit Policy and feeding Compliance Reporting for the Auditor.]

33
Which challenges have to be solved – a long list, a new list?
                                         Cloud Security: Cloud Dynamics

Cloud – Service User
User:
 • Service Offering
Duties:
 - Authentication
 - Authorization
 - del. Administration
 - pay the bill
Expectations:
 - SLA Fulfillment
 - Compliance
 - Detailed Reporting

IT - “traditional” and Cloud – (Service) Provider (the slide shows the identical list in both columns):
 • Access control incl. rule based policy management
 • User and entitlement management incl. process management and process automation
 • Role based separation of duties
 • Security policy management
 • Security monitoring, auditing, compliance reporting
 • SoD for multi tenancy
 • Reporting (SoD based) - Security Information and Event Management
 • Compliance audit & reporting across the IT infrastructure and processes
 • Protection and security for the virtualized environment (network / hosts / VMs)
 • Protection and compliance tool for server verification
 • Configuration and change management
 • Connectivity / linkage with YOUR accounting model (Metering & Rating)
34
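As an added example (not from the slides or from IBM), the following Python walks the "Collect / Log -> Audit Log Consolidation -> Compliance Reporting" path of the diagram on slides 32/33 for the SoD-based reporting and multi-tenancy items in the list above; the log line format, component names' records, audit policy and conflict pairs are constructed for the example.

```python
"""Consolidate per-component audit logs and produce an SoD-based compliance
report.  Added example; log format, audit policy and SoD rules are constructed."""
from collections import defaultdict
from dataclasses import dataclass, field
import re

# Constructed sample lines, one per component from the diagram (Portal,
# WS Gateway, Provisioning Engine, Admin console).  The formats are invented.
SAMPLE_LOGS = """\
portal: 2012-05-03T09:01:12Z user=alice tenant=acme action=login result=ok
wsgateway: 2012-05-03T09:02:40Z user=alice tenant=acme action=order_service svc=db-small
provisioning: 2012-05-03T09:03:05Z user=bob tenant=acme action=approve_order svc=db-small
provisioning: 2012-05-03T09:03:30Z user=bob tenant=acme action=provision svc=db-small
admin: 2012-05-03T09:10:00Z user=carol tenant=acme action=grant_role role=tenant-admin
admin: 2012-05-03T09:11:00Z user=carol tenant=globex action=grant_role role=tenant-admin
portal: 2012-05-03T09:12:00Z user=mallory tenant=globex action=login result=fail
"""

LINE_RE = re.compile(r"^(?P<component>\w+): (?P<ts>\S+) (?P<kv>.*)$")

# Audit Policy (constructed): the actions the consolidation step retains.
AUDIT_POLICY = {"order_service", "approve_order", "provision", "grant_role", "login"}

# SoD rules (constructed): duties one identity must not combine within a tenant.
SOD_CONFLICTS = [("order_service", "approve_order"), ("approve_order", "provision")]


@dataclass
class AuditEvent:
    component: str
    ts: str
    user: str
    tenant: str
    action: str
    attrs: dict = field(default_factory=dict)


def parse_line(line):
    """Normalise one component-specific line into an AuditEvent, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kv = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
    try:
        return AuditEvent(m.group("component"), m.group("ts"), kv.pop("user"),
                          kv.pop("tenant"), kv.pop("action"), kv)
    except KeyError:
        return None  # incomplete record: drop it rather than guess fields


def consolidate(text, policy=AUDIT_POLICY):
    """Audit Log Consolidation: parse every line, apply the audit policy, order by time."""
    events = [ev for ev in map(parse_line, text.splitlines()) if ev and ev.action in policy]
    return sorted(events, key=lambda e: e.ts)


def sod_report(events, conflicts=SOD_CONFLICTS):
    """Flag identities that performed conflicting duties inside one tenant."""
    duties = defaultdict(set)  # (tenant, user) -> actions performed
    for ev in events:
        duties[(ev.tenant, ev.user)].add(ev.action)
    findings = []
    for (tenant, user), acts in sorted(duties.items()):
        for a, b in conflicts:
            if a in acts and b in acts:
                findings.append({"tenant": tenant, "user": user, "conflict": (a, b)})
    return findings


def cross_tenant_report(events, admin_actions=("grant_role",)):
    """Multi-tenancy SoD: administrators whose privileged actions span tenants."""
    tenants = defaultdict(set)
    for ev in events:
        if ev.action in admin_actions:
            tenants[ev.user].add(ev.tenant)
    return [{"user": u, "tenants": sorted(t)} for u, t in sorted(tenants.items()) if len(t) > 1]


def compliance_report(text):
    """Compliance Reporting: the consolidated view an auditor would receive."""
    events = consolidate(text)
    return {
        "events": len(events),
        "sod_violations": sod_report(events),
        "cross_tenant_admins": cross_tenant_report(events),
        "failed_logins": [ev.user for ev in events
                          if ev.action == "login" and ev.attrs.get("result") == "fail"],
    }


if __name__ == "__main__":
    for key, value in compliance_report(SAMPLE_LOGS).items():
        print(f"{key}: {value}")
```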
Cloud & Security


                      IBM Cloud Components – more than Virtualization only

     Steps around the Common Cloud Management Platform (Cloud Services, BSS, OSS):
      1. Ordering / booking from a service catalogue
      2. Integration with Service Desk and IT Asset Management + Processes
      3. Provisioning of the service
      4. Integration with Storage Area Network (SAN) and network (pool) AND the Security Management
      5. Service Discovery, Change & Configuration Management: Service, Platform
      6. Monitoring: Service Monitoring, Platform Monitoring, Performance, Security Alerts, PUMA, …
      7. Realtime Management Event Consolidation regarding the Business Services
      8. Collect, Analyze, and Report -> Accounting based on usage / costs / licence model
      9. Visualization of the services related to business targets and Service agreements
     10. Management of Service Level Agreements (SLAs)
     11. Exit-Management

     Service = Software, Platform, Infrastructure (i.e. Composite Application, Physical / Virtual OS, Middleware, Network, Storage)

     Not in all cases will all steps exist in a client engagement

35
Cloud & Security




     Distributed Cloud Setup




36
Cloud & Security


     The Cloud – Layers

     1  Consolidation: Resources
     2  Virtualization: Power VM, VMware, KVM…
     3  Standardization: “Cloud” workloads (Test/Dev, Training, Applications, ...) on top of Standardization / Service Catalogue / Image Catalogue
     4  Automation: Request, Approval Workflow, Resource Planning (Request / Quota ..), Provisioning / Usage / Removal, Accounting / Billing, driven by a Process Automation Engine
     5  Secure and highly available private cloud: Monitoring, Repository, Dynamic Provisioning, High Availability, Security (Secure virt. env., Identity & Access Mgmt.)

37
PCTY 2012, Cloud security (real life) v. Ulf Feger

PCTY 2012, Cloud security (real life) v. Ulf Feger

  • 1. Cloud Security Abstract: Cloud security or security for the cloud is neither a „big bang” nor is it something completely new. It’s a transformation process of taking existing methodologies and technologies and adapting them depending on the cloud business road you are taking. This is not limited to just technology assets but also includes policies, processes, and of course the handling of (business) expectations. What might such a roadmap look like and is it then limited to security only? Ulf Feger Security Architect, CISSP, COBIT Practitioner (ISACA) Cloud Security & Security Solutions IBM Security Systems Division Member of the Board, Cloud Security Alliance, German Chapter
  • 2. Cloud & Security Customer Expectations and Experiences  Healing bei Touching – or Cloud is a devil  The Cloud – yes, of course with Security – solves all our Security challenges, we will have no problems anymore  Open discussions: I know what I know and to be honest tell me what I should know  What you tell me is not Cloud security that‘s security  The roadmap to Cloud & Security  Customer expectations towards IBM – Understand their environment (on given information) – Understand their security concepts & architecture (on the given information) – Be able to talk to network people, sw architects, security architects – Provide inside, give feedback  What we do: – All of the stuff above – Open discussions in highly political environment – Offered more input based on existing material like BSI MindMap – Fed people with news ideas like VSP, Cloud Security is more than some techie stuff only 2
  • 3. Cloud & Security Transformation of Security, of Security Awareness, of the Need for Security The Fortress 3
  • 4. Cloud & Security Who is attacking our networks? 4
  • 5. Cloud & Security Zeus Crimeware Service Hosting for costs $50 for 3 months. This includes the following: # Fully set up ZeuS Trojan with configured FUD binary. # Log all information via internet explorer # Log all FTP connections # Steal banking data # Steal credit cards # Phish US, UK and RU banks # Host file override # All other ZeuS Trojan features # Fully set up MalKit with stats viewer inter graded. # 10 IE 4/5/6/7 exploits # 2 Firefox exploits # 1 Opera exploit“ We also host normal ZeuS clients for $10/month. This includes a fully set up zeus panel/configured binary 5 FUD = Full Undetectable,
  • 6. Cloud & Security Transformation of Security, of Security Awareness, of the Need for Security The Fortress The User 6
  • 9. Cloud & Security - Ernst & Young - Daimler - Deutsche Bank - wecon-it consulting - TU Darmstadtt - Siemens - Fraunhofer AISEC - Verizon - Suse/Novell - Vodafone - Siemens Communications - NetApp - T-Systems - Detecon - IBM - more coming soon 9
  • 11. Cloud Reference Architecture for Enterprise Architects
  • 12. Cloud & Security Risik versus Potential Risk is doing something and Risk is doing it not. from CISM© Review Manual 2012 12
  • 13. Cloud & Security IBM Cloud Computing Reference Architecture The IBM CC RA represents the aggregate experience across hundreds of cloud client engagements and the implementation of IBM-hosted clouds Cloud Service Cloud Service Provider Cloud Service Consumer Creator Cloud Services Common Cloud Management Platform (CCMP) – Based on knowledge of IBM’s services, Existing & 3rd party Business-Process- software & system experiences, including IBM services, Partner Ecosystems as-a-Service Cloud Research Service Integration Tools Sof tware-as-a-Service Operational Business Service Support Support Creation Services Services Tools (OSS) (BSS) Platf orm-as-a-Service Consumer In-house IT Inf rastructure-as-a-Service Inf rastructure The IBM Cloud Computing Reference Architecture Security, Resiliency, Performance & Consumability (CC RA) is reflected in the design of Governance – IBM-hosted cloud services OpenGroup submission: http://www.opengroup.org/cloudcomputing/uploads/40/23840/CCRA.IBMSubmission.02282011.doc CCRA Whitepaper on ibm.com: http://www.ibm.com/common/ssi/cgi-bin/ssialias?infotype=SA&subtype=WH&appname=GTSE_CI_CI_USEN&htmlfid=CIW03078USEN&attachment=CIW03078USEN.PDF 13
  • 14. Cloud & Security: Cloud Computing Reference Architecture (CC RA) – Security, Resiliency, Performance & Consumability drill-down
    Diagram labels: the same CC RA layout as slide 13 (Cloud Service Consumer / Provider / Creator; Cloud Services BPaaS, SaaS, PaaS, IaaS; Common Cloud Management Platform with OSS and BSS; Service Creation Tools; Service Integration Tools; Existing & 3rd party services, Partner Ecosystems; Consumer In-house IT; Infrastructure; Governance), with the cross-cutting layer expanded into three columns:
    - Security: Software, System & Service Assurance; Access & Identity Management; Data and Information Protection; Threat & Vulnerability Management; Security Policy Management; Security Event Management; Security Compliance Assessment; Entitlement Management; Data policy enforcement
    - Resiliency: Resiliency Lifecycle Management; Data Resiliency; Configuration for Resiliency; Resiliency Policy Governance; Resiliency Monitoring / Analysis; Availability & Continuity Management
    - Consumability: Ease of Doing Business; Readily Adapts; Positive First Use Experience; Simplified Operations; Rapidly Integrates
    © 2011 IBM Corporation
  • 15. Cloud & Security: Architecture Principles, IBM Security Framework
    Business Security Reference Model: Governance, Risk, Compliance (GRC); People and Identity; Data and Information; Application and Process; IT Infrastructure: Network, Server, End Point; Physical Infrastructure.
    Foundational Security Management: Software, System and Service Assurance; Identity, Access and Entitlement Management; Data and Information Protection Management; Threat and Vulnerability Management; IT Service Management; Command and Control Management; Security Policy Management; Risk and Compliance Assessment; Physical Asset Management.
    Security Services and Infrastructure: Security Info and Event Infrastructure; Identity, Access and Entitlement Infrastructure; Security Policy Infrastructure; Crypto, Key and Certificate Infrastructure; Service Management Infrastructure; Host and End-point Security; Storage Security; Application Security; Network Security; Physical Security.
    Security Data Repositories: Code and Images; Identities and Attributes; Events and Logs; Policies; Service Levels and Classification; Config Info; Operational Context; IT Security Knowledge; Designs and Registry.
  • 16. Cloud Governance - GRC .. hey .. and what else ? .. and what’s the meaning of G R C ?
  • 17. Cloud & Security: The majority of corporations avoid the use of Cloud Computing because of security and governance risks and the lack of trust in the service provider.1)
    Obstacles for cloud projects.
    Question: "Do you use cloud computing solutions already, or do you plan to use them in the near future?" No: 54%, Yes: 46%.
    Question: "For which reasons have you decided not to use cloud computing solutions (multiple answers possible)?" Reasons shown in the chart (scale 0% to 60%): Risk of loss of governance and control; Inadequate data security / availability; Open compliance or legal issues; Doubts about the long-term availability of the offering; Risk of a vendor lock-in; No commercial benefit; Licence issues.
    1) "Cloud Computing in Germany", survey results from Deloitte and BITKOM, January 2011
  • 18. Cloud & Security: Requirements – Cloud Computing & Security (plus GRC + ..)
    Security topics, technical & process related (against the Cloud Services / Cloud Computing Model):
    - Data Security & Data Privacy
    - Access Management & Identity Management (IAM)
    - Application and Service Provisioning incl. Removal
    - Application and Systems test incl. Data Provisioning and De-Provisioning
    - Service Level Agreement (SLA) Management
    - Vulnerability Management: Detection, Scoring, Removal
    - Threat Analysis
    - Service Availability incl. local/national load balancing
    - Auditability & Governance (GRC: Governance, Risk & Compliance)
    - Cross-border law abidance, e.g. person-related data & processes
  • 19. Cloud & Security: Cloud from the viewpoint of Export Regulations (ER)
    An export takes place when ..
    - Cross-border clouds: the data crosses the border (cross-border cloud computing)
    - Distributed service offerings
    - The server and data stay in the local country, but root access: who gets which kind or type of root access to/for what?
  • 21. Cloud & Security: Understand compliance requirements – Data Privacy – Data Security
    Expectation: 1 Improvement in Security; 2 Reduction in Cost; 3 Load Optimization; with Inner Security, Outer Security and Operational Security.
    4 "How do I prove?": traceability & verifiability & auditability.
    5 Focus: "What do I really need?"
    Goal: understand business rules, policies, security guidelines, risks and threats.
    Security Compliance Management: awareness, monitoring & detection, implementation & automation.
    Risk: Risk appetite? Cloud workload -> Risk Assessment / Analysis / Accreditation / Certification
  • 22. Cloud & Security: Business processes, use cases, assets
    C – Confidentiality, I – Integrity, A – Availability. Matrix items to evaluate: authentication (item1), data transfer (item2), ..
    Risk matrix: Potential Damage (insignificant (1), low (2), medium (3), high (4)) against Probability (impossible (0), low (2), medium (3), high (4), very high (4)).
    Items plotted in the "high" damage row: i5-c, i2-a, i5-i, i2-c, i5-a; in the "medium" row: i3-c, i1-c, i2-c, i1-a, i3-i; in the "low" row: i4-i, i7-a.
  • 23. Concepts, Processes, Tools The Roadmap towards Cloud Security - a Transformation Process
  • 24. Cloud & Security: The Roadmap to where? Cloud transformation phases to your own cloud. Where's your Security? Does it fit to your risk appetite?
    Phases: 1 Consolidation (with Elimination); 2 Virtualization; 3 Standardization; 4 Automatization; 5 Cloud(ization). Each phase has its Business Processes (Bus Pro) and IT processes, with a Transition step between phases.
    Examples (Exp): Baseline, VSP, Compliance Approval, GRC Target Security, SIEM rules, Reporting, Approval Workflows.
  • 25. Cloud & Security: 4 (simple) examples of underestimated threats. Diagram: four instances of Virtualization (Power VM, VMware, KVM...) on top of Resources, one marked "x".
  • 27. Cloud & Security https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Minimum_information/SecurityRecommendationsCloudComputingProviders.html 27
  • 28. Cloud & Security: Eckpunktepapier – Sicherheitsempfehlungen für Cloud Computing Anbieter (Security Recommendations for Cloud Computing Providers)
    More sources:
    • IT-Grundschutz
    • BSI-Standard 100-2/100-4
    • ISO 27001/2
    • Cloud Security Alliance – German Chapter, cloudsecurityalliance.org
    • ISF – Information Security Forum, www.securityforum.org
    • TMForum – TeleManagement Forum, www.tmforum.org
    • Euro Cloud e.V., en.eurocloud.de/
    https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Mindestanforderungen/Eckpunktepapier-Sicherheitsempfehlungen-CloudComputing-Anbieter.pdf?__blob=publicationFile
  • 29. Cloud & Security: the result .. (MindMap). To get the MindMap contact ulf.feger@de.ibm.com
  • 30. Cloud & Security: Supporting Security landscape – What is the aim of my security? (diagram, overlaid with the words "dynamic adaptation")
    Identity Management Domain: Admin, User Self-service, Identity Synchronisation, Reporting, Workflow & Lifecycle, Entitlement Store, Policy, Identity Store, HR System, Provisioning Engine, Reconciliation, Provisioning, Auditor.
    Policy management: SSO Policy Mgmt, WS Fed Policy Mgmt, Web SSO Conf., Policy Mgmt, Admin(s), Policy Enforce.
    Products: Tivoli Identity Manager (TIM), Tivoli Access Manager for e-business (TAMeb), Tivoli Federated Identity Manager (TFIM), Tivoli Security Policy Manager (TSPM), Tivoli Access Manager for Enterprise Single Signon (TAM E-SSO), Tivoli Compliance Insight Manager (TCIM).
    Connections: Desktop/Client, Security Policy Connection Repository, HTTP (incl. SOAP/HTTP) Connection, Identity Repository (Person & Account), Web Services Connection.
    Runtime: Web Portal with Web Authentication and Authorization, Web Single Signon, HTTP Server, Web App, Consumer App, Enterprise Single Signon, User Authentication, Internet App, Other Apps, Employee/Staff, FedSSO, A&A, WS ESB Business Gateway (SOA), Windows Apps, Policy Enforce, Identity Mapping, Enterprise Dir.
    Audit: Collect Log at each component, Audit Log Consolidation, Audit Policy, Compliance Reporting, Auditor.
    The Common Cloud Management Platform with Cloud Services, BSS and OSS is superimposed on the landscape.
  • 31. Cloud & Security: Supporting Security landscape – What is the aim of my security? Same diagram as slide 30 without the overlay; the Cloud Platform (Cloud Services, BSS, OSS) is marked within the landscape.
  • 32. Cloud & Security: same landscape reduced to the Identity Management Domain, policy management, runtime and audit components, with the Common Cloud Management Platform, Cloud Services, BSS and OSS marked.
  • 33. Cloud & Security: same diagram as slide 32.
  • 34. Cloud & Security: Which challenges have to be solved – a long list, a new list? (diagram, overlaid with the words "IT – traditional" and "Cloud Dynamics")
    Cloud Service User:
    - Duties: Authentication; Authorization; delegated Administration; pay the bill
    - Expectations: SLA Fulfillment; Compliance; Detailed Reporting
    Cloud (Service) Provider (the same list is shown for both provider columns):
    • Access control incl. rule based policy management
    • Service Offering
    • User and entitlement management incl. processes management and process automation
    • Role based separation of duties
    • Security policy management
    • Security monitoring, auditing, compliance reporting
    • SoD for multi tenancy
    • Reporting (SoD based): Security Information and Event Management
    • Compliance audit & reporting across the IT infrastructure and processes
    • Protection and security for the virtualized environment (network / hosts / VMs)
    • Protection and compliance tool for server verification
    • Configuration and change management
    • Connectivity / linkage with YOUR accounting model (Metering & Rating)
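  The provider-side items on slide 34 (rule-based access control, role-based separation of duties, SoD for multi-tenancy, SoD-based reporting) can be shown as one small policy decision point. The following is an added example, not code from the slides or from IBM/Tivoli; the roles, permissions, tenant names and SoD pairs are constructed sample policy and all identifiers are hypothetical.

```python
"""Constructed example: a minimal policy decision point (PDP) for a
multi-tenant cloud management platform. Every decision is written to an
audit log, and the log is summarised into a SoD-based compliance report."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Constructed sample policy: role -> permitted actions (hypothetical names).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "tenant_admin": {"vm:create", "vm:delete", "user:manage"},
    "requester": {"request:submit"},
    "approver": {"request:approve"},
    "auditor": {"audit:read"},
}

# Separation-of-duties rule: these role pairs must never be held by one identity.
SOD_CONFLICTS: Set[FrozenSet[str]] = {
    frozenset({"requester", "approver"}),
    frozenset({"tenant_admin", "auditor"}),
}


@dataclass(frozen=True)
class Principal:
    name: str
    tenant: str
    roles: FrozenSet[str]


@dataclass(frozen=True)
class AuditEvent:
    actor: str
    actor_tenant: str
    action: str
    target_tenant: str
    decision: str
    reason: str


class PolicyDecisionPoint:
    def __init__(self) -> None:
        self.audit_log: List[AuditEvent] = []

    def sod_conflicts(self, p: Principal) -> List[str]:
        """Conflicting role pairs the principal currently holds (static SoD)."""
        return sorted(" + ".join(sorted(c)) for c in SOD_CONFLICTS if c <= p.roles)

    def decide(self, p: Principal, action: str, target_tenant: str,
               target_owner: Optional[str] = None) -> Tuple[str, str]:
        decision, reason = self._evaluate(p, action, target_tenant, target_owner)
        # Every decision, permit or deny, is recorded for audit and reporting.
        self.audit_log.append(AuditEvent(p.name, p.tenant, action,
                                         target_tenant, decision, reason))
        return decision, reason

    def _evaluate(self, p: Principal, action: str, target_tenant: str,
                  target_owner: Optional[str]) -> Tuple[str, str]:
        # 1. Tenant isolation: a principal may only act inside its own tenant.
        if target_tenant != p.tenant:
            return "deny", "cross-tenant access"
        # 2. Static SoD: a toxic role combination blocks every action.
        conflicts = self.sod_conflicts(p)
        if conflicts:
            return "deny", "sod violation: " + "; ".join(conflicts)
        # 3. Rule-based access control: the action must be granted by a role.
        permitted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in p.roles))
        if action not in permitted:
            return "deny", "not permitted for roles"
        # 4. Dynamic SoD: nobody approves their own request.
        if action == "request:approve" and target_owner == p.name:
            return "deny", "self-approval"
        return "permit", "ok"

    def compliance_report(self) -> Dict[str, int]:
        """Count permits and each deny reason, i.e. SoD-based reporting."""
        report: Dict[str, int] = {}
        for e in self.audit_log:
            key = e.decision if e.decision == "permit" else e.reason
            report[key] = report.get(key, 0) + 1
        return report


def run_demo() -> Tuple[List[Tuple[str, str]], Dict[str, int]]:
    """Exercise the PDP with constructed principals and return the results."""
    pdp = PolicyDecisionPoint()
    alice = Principal("alice", "tenant-a", frozenset({"requester"}))
    bob = Principal("bob", "tenant-a", frozenset({"approver"}))
    carol = Principal("carol", "tenant-a", frozenset({"requester", "approver"}))
    mallory = Principal("mallory", "tenant-b", frozenset({"tenant_admin"}))
    results = [
        pdp.decide(alice, "request:submit", "tenant-a"),
        pdp.decide(bob, "request:approve", "tenant-a", target_owner="alice"),
        pdp.decide(bob, "request:approve", "tenant-a", target_owner="bob"),
        pdp.decide(carol, "request:approve", "tenant-a", target_owner="alice"),
        pdp.decide(alice, "request:approve", "tenant-a", target_owner="alice"),
        pdp.decide(mallory, "vm:delete", "tenant-a"),
    ]
    return results, pdp.compliance_report()


if __name__ == "__main__":
    for r in run_demo()[0]:
        print(r)
    print(run_demo()[1])
```

  The order of the checks is deliberate: tenant isolation comes first so that a cross-tenant attempt is denied before any role evaluation, and the static SoD check runs before the permission lookup so that an identity with a toxic role combination cannot act even on actions one of its roles would allow. The compliance report is what a provider would feed into its SIEM or reporting, as the slide's "Reporting (SoD based)" item calls for.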
  • 35. Cloud & Security: IBM Cloud Components – more than Virtualization only
    Steps around the Common Cloud Management Platform (Cloud Services, BSS, OSS):
    1. Ordering / booking from a service catalogue
    2. Integration with Service Desk and IT Asset Management, AND the Security Processes
    3. Provisioning of the service
    4. Integration with Storage Area Network (SAN) and network (pool)
    5. Service Change & Configuration Management: Service, Platform
    6. Monitoring: Service Monitoring, Platform Monitoring, Performance, Security Alerts, PUMA Discovery, ...
    7. Realtime Management: Event Consolidation regarding the Business Services
    8. Collect, Analyze, and Report -> Accounting based on usage / costs / licence model
    9. Visualization of the services related to business targets and service agreements
    10. Management of Service Level Agreements (SLAs)
    11. Exit-Management
    Service = Software, Platform, Infrastructure (i.e. Composite Application, Physical / Virtual OS, Middleware, Network, Storage). Not in all cases will all steps exist in a client engagement.
  • 36. Cloud & Security: Distributed Cloud Setup
  • 37. Cloud & Security: The Cloud – Layers
    "Cloud": Test/Dev, Training, Applications, ...
    5 Secure and highly available private cloud: Secure virt. env.; Identity & Access Mgmt.; Security
    4 Automization: Provisioning / Usage / Removal; Accounting / Billing; Process Automation Engine; Monitoring; High Availability; Dynamic Provisioning; Secure Repository
    3 Standardization: Standardization / Service Catalogue / Image Catalogue; Resource Planning; Request Approval Workflow (Request / Quota ..)
    2 Virtualization: Power VM, VMware, KVM...; Virtualization Resources
    1 Consolidation

Editor's Notes

  1. Users are the weakest link. What's wrong with this picture? Did the gate work as designed? Did the gate provide security? Social engineering: 71% of people at Victoria Station (London) gave out passwords for an Easter egg*. If security is too inconvenient ... users will find a way to subvert it.
  2. To take the previous chart a step further, here we talk about the different types of attackers we see. There are those using off-the-shelf tools and techniques: exploits that are publicly released and can easily be acquired off the Internet to launch their attacks. Or you've got more sophisticated attackers who develop their own exploits and discover their own vulnerabilities, then target them before anyone else has even seen them. We also see attacks that are broadly focused; they're trying to target the entire Internet. Or we have attacks that are highly targeted; they're specifically interested in breaking into particular organizations. So looking at those two dimensions you get four categories. Off-the-shelf broad attacks are typically financially motivated botnet builders. This accounts for most of the attack activity that we've seen and have been fighting for the past ten years. However, we also see today this thing that's often called the advanced persistent threat (APT), which is sort of the other side of the coin. These are targeted, sophisticated attackers that are going after specific organizations and they're using vulnerabilities they have discovered themselves, highly custom malware, so they're very difficult to protect against. In addition, this year we've seen a lot of targeted attacks that used off-the-shelf techniques. So these are often activists: people who have a motive to attack a particular organization but are not necessarily as sophisticated in carrying out those attacks as the advanced persistent threat. And we have one more category, which fortunately we aren't dealing with much today, and that is if you took the sophistication of the APT and applied it broadly; this is sort of the cyber war nightmare scenario that people have been talking about in policy circles. Fortunately that's not a reality today on the Internet.
  3. Users are the weakest link. What's wrong with this picture? Did the gate work as designed? Did the gate provide security? Social engineering: 71% of people at Victoria Station (London) gave out passwords for an Easter egg*. If security is too inconvenient ... users will find a way to subvert it.
  4. This diagram is the Top Level view of the blueprint. The top layer is the IBM Security Framework, which provides the business context or business perspective of security. The framework is commonly represented by the graphic you see on the right. The blueprint separates the management of security from the implementation of security, which are represented in the middle and bottom layer respectively. It offers: a product-agnostic and solution-agnostic approach to defining security capabilities; a common vocabulary to use in more detailed discussions; architectural principles that are valid across all domains and deployment environments, based on researching many customer related scenarios; and a roadmap to assist in designing and deploying security solutions.
     The security management layer represents the capabilities needed to translate the business view of security concerns into policies, operational procedures, and technical controls that can be deployed into the IT landscape and the organization. The Services and Infrastructures layer represents the security capabilities needed to enforce policies and their integration points into the IT infrastructure. By separating security management from security implementation, the IT organization can focus on getting the policy and needed controls correctly defined and can better monitor and assess how completely and effectively the policies are being enforced.
     Architecture Principles in the Blueprint:
     1. Openness
     2. Security by default
     3. Design for accountability
     4. Design for regulations
     5. Design for privacy
     6. Design for extensibility
     7. Design for sharing
     8. Design for consumability
     9. Multiple levels of protection
     10. Separation of management, enforcement and accountability
     11. Security is model-driven
     12. Security-critical resources must be aware of their security context
     13. Consistency in approaches, mechanisms and software components
     The IBM Security Blueprint separates security management from infrastructure services.
  5. What requirements do our customers, cloud service users and cloud service providers, have for a cloud solution? Take classic data center security and add the aspect of dynamics, one of the properties of the cloud. This gives the above list of challenges with its 11 points; at least 11 points.
  6. Note: GS Prz = Geschäftsprozesse (business processes). Views and remarks of the IT manager or the person in charge; a frequent comment: I have to do cloud, I'm supposed to do cloud, but how? Or: I'm already doing cloud, namely .. virtualization. Most prospects for Cloud & Security are in the virtualization + standardization area, partly automation, but many also openly admit: consolidation is what occupies them. A security roadmap has to be drawn up together with the customer that maps the business processes + IT processes + security topics. And this for every phase, e.g. here for virtualization; many do not have the risks on their radar.
  7. VMware, NOT PowerVM. Here 4 security scenarios 1 2 3
  8. A collection of recommendations from the BSI for CC providers. I also recommend that users read it and check their providers against it. Or a service provider is considering offering cloud services: what has to be taken into account. A good start, at an abstract, high level, hardly technical.
  9. I extracted the individual topics from the BSI catalogue and captured them as a MindMap. Then I added supplements in arbitrary colours and named further topics. It serves as a guide for customer discussions and, among other things, lists further information sources.
  10. This is the complete MindMap in version 1.0; current version 1.03 / 16.08.2011. Further versions will follow.
  11. Here in the middle, hard to miss: the cloud platform with its 3 layers: Services, Business Support Systems/Services, Operations Support Systems/Services. Modelled on the TMForum CSP eTOM model. -> WHERE does one start with security here: outside, inside?
  12. Here in the middle, hard to miss: the cloud platform with its 3 layers: Services, Business Support Systems/Services, Operations Support Systems/Services. Modelled on the TMForum CSP eTOM model. -> WHERE does one start with security here: outside, inside?
  13. A list of security challenges, actually nothing new if one has already dealt with these topics in the "old" world ..
  14. Cloud vs. "virtualization only". A cycle that also affects security; security must be integrated into it, and must already be integrated into the fundamental architecture. Missing here: exit management. What happens to the data, how do all parties remain auditable, which dependencies on the workload exist?
  15. Standard model, layer model. 1+2: abstraction of the HW through consolidated HW. 3: catalogue system -> no more management on request. 4: gain through automation from ordering to decommissioning. Caution: decommissioning is a delicate topic: what happens to the data, where does auditability remain? 5: at the end the secure cloud pops out .. OK, it is not quite that simple.
  16. Let's take the lowest layers: HW + virtualization. These exist not just once but x times, unless one has an omnipotent machine, or is only playing with cloud. So x times HW + x times virtualization, AND this managed by 1 platform, not x+1 platforms or management consoles. The result is a distributed cloud infrastructure; yes, it can be completely local, but it does not have to be. Examples of distributing a private cloud and what this means follow.