Security cloud forum_2011


  • Discuss 5 Attributes of Cloud and Impacts which they pose for Security
  • Discuss initial phase of Cloud Computing
  • How its focus shifted from cool technology to Cost Reduction Efforts
  • How organizations begin to see the cloud as a means of increasing revenues
  • Then seen as a transformative element: shift of perception, particularly by non-IT organizations, to leverage the cloud as an opportunity
  • Focus on Competitive, Non Cloud vendors leveraging the cloud to convert internal APIs from Expenses to assets. Highlight Brinks Cloud based money management offering and fact that this shift has resulted in a change to how organizations operate.
  • Introduce Network Workload Story and How perceptions changed (Angry Villagers Torches->agreement)
  • Highlight the results of the IBM Network World tech debate: initial perceptions were that we lost, then we ended up building momentum and more than 2/3 agreed with the arguments, which then led to the 4 arguments used in the article.
  • First, those who adopt cloud-based technologies do so in a deliberate way: they start with individual workloads. We know from customers, market data, etc. that customers typically adopt one cloud, then move to another, etc.
  • Currently organizations have no clue where their critical data is, and as data grows exponentially it's harder and harder for organizations to keep track of that data.
  • When we ask executives what their critical data is, they can't tell us. In fact, the boundaries for what’s important and what is not important are completely lost, making it that much harder to really secure.
  • As a result, security personnel become great wall builders. The issue is that we continue to build walls and lose focus on what we are protecting and the various ways it can be exploited. We also lose the ability to granularly track information. This means we poke holes in ports for multiple applications, etc., meaning we degrade overall security.
  • Once an organization gains clarity of their information they can identify what really matters and leverage that asset
  • Financially organizations benefit from cloud
  • Organizations are spending less than in the past. As a result there is less money to spend
  • Inversely, cloud vendors have money allocated for competitive reasons. Ultimately security remains the only competitive lever most vendors can pull, so it’s a priority
  • Organizations have to keep up with security
  • Security requires vigilance; organizations already are overloaded (tell story of startup from past history)
  • Services allows them to ease the burden (Security as a Service Argument)
  • Security skills are hard to find and security is hard
  • Is this who you want doing your security?
  • Or do you want a professional?
  • Clouds have multiple delivery models. Note: Gartner wants us to play this up more because they believe there is confusion on this topic and the following slides. My approach is: forget concepts of “The Cloud”, it's not a single entity but much more complex and interesting
  • Play to Gartner and their args: multiple deployment paths, talk security in context here. May need to cut short, this is a long preso already
  • The message: one size doesn’t fit all, and btw there are lots of types of clouds. We need to hammer this home because we keep highlighting public hosted, not private.
  • IBM is different, may update image to show lots of fishbowls moving back on horizon?
  • Our 4 stage approach to cloud security.
  • Standard secure by design, refer to our experiences. We need to promote this more once we nail foundational controls; tie to Rational/WebSphere/Information Management and Tivoli Cloud story. We have assets, just need to cauterize story; right now I seem to be the only one giving it.
  • This is where we engage in workload discussion: talk to each type of workload and how security varies (actually only a couple, otherwise takes way too long). Discuss Healthcare->Education->Development?
  • LotusLive: it's easy, and how security themes and our foundational strategy apply
  • Explain Service Enabled
  • Researchy things like Lotus work the IPS stuff and Mobile work, we might want to include trusted domain and some of the other services we are exploring for example those in IM
  • Our portfolio: we have breadth and depth, only vendor
  • How we can focus on a private scenario
  • Public example
  • What's new – TEMS, Juniper Partnership, WebSphere Virtuoso…
  • Talk about challenges, encourage consultative services, Trusted Guide, my usual blah blah

    2. Choosing the Right Security Strategy for Cloud Computing. Harold Moss, CTO/Chief Architect, Cloud Security Strategy
    5. Introduction to Cloud Computing
    11. “The Cloud has the potential to be more secure than traditional environments”
    14. What’s Important?
    15. Can you identify your Important Data?
    27. There are Multiple Delivery Models for Clouds
    28. And Multiple Deployment Paths…
    29. What Other Vendors Tell People About their Clouds and Their Security
    30. Our Perspective
    31. Our Approach to the Cloud
    32. Security by Design: “Building Security into the fabric of the Cloud”
    33. Just Like there are different Clouds, there are different workloads
    34. Workload Driven: “Relevant security not just Fluff”
    35. Service Enabled: “Building Better Walls”
    36. Innovation Powered: “Creating Security for tomorrow”
    37. The IBM Security Portfolio
    38. Applying Workload Driven Security to a Private Cloud Intrusion Prevention Monitoring Access Management Data Security Application Evaluation Database Design/Test Virtual Server Protection Security Event Monitoring Provisioning
    39. Example: Cloud Security in the Public Space Firewall IPS Data Protection Access Identity Federated Identity VM Protection Patch Mgmt. Configuration Mgmt. Security Event Log Mgmt. Audit Vulnerability Mgmt.
    40. Hybrid Cloud Scenario
    41. New Security Capabilities for 2011
    42. Preparing to Move to the Cloud
          • “Cloud Computing” is complex, where to begin:
              • Engage experts who have had prior success in the cloud.
              • Establish a set of measures that clarify what a successful engagement in the cloud would look like.
              • If externally hosting your cloud, ensure that your vendor is reliable.
              • Identify what workloads you are most comfortable with; don’t just dive in.
              • Determine the appropriate security for your workload, and leverage managed services where possible.
              • Build consensus upfront; one-sided decisions tend to fail in the cloud.
    43. IBM Cloud Security Guidance
          • Based on cross-IBM research and customer interaction on cloud security
          • Highlights a series of best practice controls that should be implemented
          • Broken into 7 critical infrastructure components:
              • Building a Security Program
              • Confidential Data Protection
              • Implementing Strong Access and Identity
              • Application Provisioning and De-provisioning
              • Governance Audit Management
              • Vulnerability Management
              • Testing and Validation
    44. Cloud Security Whitepaper
          • Trust needs to be achieved, especially when data is stored in new ways and in new locations, including for example different countries.
          • This paper is provided to stimulate discussion by looking at three areas:
              • What is different about cloud?
              • What are the new security challenges cloud introduces?
              • What can be done and what should be considered further?
    45. Why IBM
          • IBM is the only company with the breadth and depth of products, technologies, services and business partners to provide end-to-end security.
          • IBM has over 200 security-related products and over 3500 highly skilled security professionals.
          • IBM has over 40 years of security development and innovation experience.
          • IBM has six worldwide research labs innovating security technology and nine security operations centers.
          • IBM analyzes more than 13 billion security events on behalf of its clients and blocks more than 150 million attacks each day.
          • IBM is one of the most trusted companies in the world.