Choosing the Right Security Strategy for Cloud Computing
Harold Moss, CTO/Chief Architect, Cloud Security Strategy
Introduction to Cloud Computing
“The Cloud has the potential to be more secure than traditional environments”
Can you identify your Important Data?
There are Multiple Delivery Models for Clouds
And Multiple Deployment Paths…
What Other Vendors Tell People About their Clouds and Their Security
Our Approach to the Cloud
Security by Design: “Building Security into the fabric of the Cloud”
Just Like there are different Clouds, there are different workloads
Workload Driven: “Relevant security not just Fluff”
Service Enabled: “Building Better Walls”
Innovation Powered: “Creating Security for tomorrow”
The IBM Security Portfolio
Applying Workload Driven Security to a Private Cloud
[Diagram labels: Intrusion Prevention Monitoring Access Management Data Security Application Evaluation Database Design/Test Virtual Server Protection Security Event Monitoring Provisioning]
Example: Cloud Security in the Public Space
[Diagram labels: Firewall IPS Data Protection Access Identity Federated Identity VM Protection Patch Mgmt. Configuration Mgmt. Security Event Log Mgmt. Audit Vulnerability Mgmt.]
Hybrid Cloud Scenario
New Security Capabilities for 2011
Preparing to Move to the Cloud
“Cloud Computing” is complex; where to begin:
Engage Experts who have had prior success in the cloud.
Establish a set of measures that clarify what a successful engagement in the cloud would look like.
If externally hosting your cloud, ensure that your vendor is reliable.
Identify the workloads you are most comfortable with; don’t just dive in.
Determine the appropriate security for your workload, and leverage managed services where possible.
Build consensus up front; one-sided decisions tend to fail in the cloud.
IBM Cloud Security Guidance
Based on cross-IBM research and customer interaction on cloud security
Highlights a series of best practice controls that should be implemented
Broken into 7 critical infrastructure components:
Building a Security Program
Confidential Data Protection
Implementing Strong Access and Identity
Application Provisioning and De-provisioning
Governance Audit Management
Testing and Validation
Cloud Security Whitepaper
Trust needs to be achieved, especially when data is stored in new ways and in new locations, including, for example, different countries.
This paper is provided to stimulate discussion by looking at three areas:
What is different about cloud?
What are the new security challenges cloud introduces?
What can be done and what should be considered further?