Shekhar Kirani - Enterprise and Cloud Computing: Clouded Security?

  • 1,019 views
Uploaded on

The session will provide a 360-degree view on how enterprises can compete effectively by opening up their previously closed networks to business partners, customers, and their own increasingly mobile …

The session will provide a 360-degree view on how enterprises can compete effectively by opening up their previously closed networks to business partners, customers, and their own increasingly mobile workforce - while managing security and associated risks. Kirani will also share practical examples from Indian and global enterprises that have secured critical business interactions and operations successfully.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,019
On Slideshare
0
From Embeds
0
Number of Embeds
3

Actions

Shares
Downloads
104
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Enterprise and Cloud Computing – Clouded Security? Dr. Shekhar Kirani Vice President and Country Manager, VeriSign India 10/08/09 1 1
  • 2. Digital World: How it looks? 1.3B Global Internet Users 1.5T E-mails 177M Web sites 1. Source: Forrester Research 2008 2 2. Source: Goldman Sachs 2007 CSO Survey 2 3. Source: Synovate 2008 Consumer Survey
  • 3. Why Such a Growth? Enterprise interactions Have Become Enterprise Internet Interactions Enteprise Internet Interactions -> Enterprise Cloud Interactions Efficiency & Convenience = $$$ 3 Source:http://www.verisign.com/Resources/Naming_Services 3 _Resources/Domain_Name_Industry_Brief/index.html
  • 4. What is Cloud Computing? Cloud Computing Is NOT Grid Computing Grid Computing Distributed computing that uses a cluster of networked computers, acting in concert to perform a task 4 4
  • 5. Defining Cloud Computing Cloud Computing Is NOT Grid Computing Utility Computing Utility Computing Virtualized computing resources, such as computation and storage, offered as a metered service Sun Grid Service Elastic Compute Cloud 5 5
  • 6. Defining Cloud Computing Cloud Computing Is NOT Grid Computing Utility Computing SaaS Software-As-A-Service Delivery method of applications over the web using utility computing and multi-tenant architecture 6 6
  • 7. Defining Cloud Computing Cloud Computing Is NOT Grid Computing Utility Computing SaaS Then what is it? 7 7
  • 8. Defining Cloud Computing Cloud Computing IS Grid Computing Storage Infrastructure Identity Infrastructure + Utility Computing Security Infrastructure + Application Integration and Mash-ups + SaaS Business Intelligence Business Process Management 8 8
  • 9. Definition of Cloud Computing So, Cloud Computing is an emerging technology that: • utilizes concepts of grid and utility computing • to provide application services over the Internet • along with all associated functions available with regular in-premise implementations • and may work in conjunction with in-premise resources 9 9
  • 10. Typical Enterprise Setup for Cloud Services CLOUD 1 CLOUD 2 CLOUD 3 Different URLs with login-name/password Different URLs with login-name/password Enterprise combination. combination. Account Provisioning is batch-mode Account Provisioning is batch-mode Single Sign-on is not yet present. Single Sign-on is not yet present. 10 10
  • 11. Cloud Security Basics End-to-end security is key for SaaS/PaaS/IaaS Vendors Stronger SLA and security than enterprise security. Every resource is access controlled, logged, protected, and managed. Principle of Least Privileged. Weakest link in the security chain is always exploited Physical, network, transaction, customer, employee, consultant, etc Least protected to more protected Social engineering – will remain key attack method Security by Design: Before v/s After Thought Cost and Usability Level of Security Likelihood of exploit Opportunity to exploit Deterrence, Prevention, Identification, and Action 11 11
  • 12. The Identity Problem of Cloud Computing 30% of Enterprises and SMBs view security as a top concern in SaaS1 72% believe Identity and 78% Access Management is the key security issue2 of consumers want more control over securing their identity3 1. Source: Forrester Research 2008 12 2. Source: Goldman Sachs 2007 CSO Survey 12 3. Source: Synovate 2008 Consumer Survey
  • 13. Weak Link 1: Phishing in SaaS CLOUD 1 Enterprise R O G U E A P 13 P 13
  • 14. Solution: Secure (EV Certs) or Green Bar Certs 14 14
  • 15. Example: Green Browser Bar Phishing Site – Bar turned Red! 15 15
  • 16. Weak Link 2: Identity Theft CLOUD 1 Enterprise Rogue Emp 16 16
  • 17. Weak Link 2: Identity Theft CLOUD 1 Enterprise Rogue Emp 17 17
  • 18. Solution 2: Identity Theft CLOUD 1 Enterprise Rogue Emp 18 18
  • 19. Solution: 2nd Factor (or 2nd Password) Offer a 2nd Factor solution in addition to login name/password –What you know and What you have Offer 2nd Factor across all types of devices (tokens, mobile, cards, etc). Identity theft requires a physical device to be stolen -> makes it hard! 19 19
  • 20. Solution: 2nd Factor (2nd Password) for Online Access 20 20
  • 21. Weak Link 3: Application/Data Security Enterprise Rogue Emp 21 21
  • 22. Solution: Strong Enterprise Encryption Solutions Email Applications Encrypted Communication + = Endpoint Security Digital Certs Protected Assets and Data Data Storage Secured Data at Rest 22 22
  • 23. Weak Link 4: Insider Theft Sys Adm 1 Sys Adm 2 Rogue Adm Enterprise No Digital Cer. Digital Certificate. 23 23
  • 24. Solution: Strong Authentication Web Applications Strong Web Authentication Remote Access Secure Remote Access + = Digital Certs & Desktop Logon Multi-Factor Desktop Logon OTP Token Networking Secure Network Access 24 24
  • 25. Weak Link 5: DDoS Attack on Service Enterprise Bot 1 Bot 2 Bot 3 25 25
  • 26. Weak Link 5: DDoS Attack on Service Enterprise Bot 1 Bot 2 Bot 3 26 26
  • 27. Infrastructure: Evolving and Sophisticated DDoS Attacks Attack Bandwidth VS (Normal) Bandwidth 70 VoIP/Cell Phone Worm ? 60 New threats due to 150x increased nodes and 50 adoption of IP-based DNS Gbps mobile devices 40 DNS Reflector 100x 30 Routing 20 Root Server Attacks Loop .COM Attacks Sobig Worm 50x 10 AOL Microsoft 40x Normal DNS Traffic 3x 30x 0 2000 2001 2002 2003 2004 2005 2006 DDoS Packet Filtering During Attack Attack Bandwidth (Normal) Bandwidth 27 27
  • 28. Summary Cloud Services need to offer Strong SLA and Security than Enterprises can do on their own. Cloud Services need to demonstrate back-to-back SLA/Security throughout the SaaS/PaaS/IaaS chain. Clould Services need to demonstrate how they plan to do Deterrence, Prevention, Identification, and Action against attacks Enterprise will move to Cloud if Security/Privacy Issues are addressed 28 28
  • 29. Thank you! 29 29