Smart Cards & Devices Forum 2012 - Securing Cloud Computing

Published in: Technology

Transcript of "Smart Cards & Devices Forum 2012 - Securing Cloud Computing"

  1. Securing Cloud Computing. Szabolcs Gyorfi, Sales manager CEE, CIS & MEA
  2. Gemalto: Security To Be Free. More than just a company tag line… it is why we exist. Communicate, Shop, Travel, Bank, Work in ways that are convenient, enjoyable and secure
  3. Gemalto’s Secure Personal Devices… are in the hands of billions of individuals worldwide. 1.5 billion secure devices – produced and personalized in 2009; 200 million citizens – received a Gemalto produced e-Passport; 500 million people – carry a Gemalto produced credit card; 400 mobile operators – connecting 2 billion subscribers; 30 years experience – designing/producing secure personal devices
  4. Global Leadership Position. Top producer of: SIM cards and UICC (1); Over-The-Air platforms (2); Chip payment cards (4); Chip-based corporate security solutions (1); e-Passports (3). Innovation leadership examples: First to market with IP based UICC for LTE; Ezio optical reader for online banking. *Source: (1) Frost & Sullivan; (2) Gemalto; (3) Keesing Journal of Identity; (4) The Nilson Report
  5. Defining the “Cloud”. ‘Securing Identities is Key to Success in the Cloud’ breaks down cloud computing into three different archetypes or models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS). SaaS: 3rd party cloud providers deliver a full application service to end-users. PaaS: uses a cloud-based infrastructure to deliver customer-based applications. IaaS: enables businesses to deliver their own services by providing them with cloud-based equipment. IDC report, June 2010
  6. Market Drivers & Challenge. Compliance with regulations and standards: Sarbanes-Oxley Act, Health Insurance Portability and Accountability, European Data Protection Directive, ... Cloud Services are growing. Convenience is a key for Cloud Services adoption: Identity management is painful for organizations and users; Single Sign-On: eliminate passwords across cloud services. Secure Access is a strong factor: Identity theft and phishing attacks are more relevant in cloud world; Static Password is Not Secure as cyber criminals are getting smarter, faster and more tenacious about getting at your data and static passwords. Cost: High TCO for complex password policies
  7. The weakest link. When you move to the cloud, there may no longer be a PC under the desk, but the user is still the weakest link in the chain. Most people have terrible habits when it comes to passwords, use the same passwords everywhere, and some write them on sticky notes and put them on their monitor. You can have a software provider with the best security on the market, but if one employee happens to choose a bad password that can be guessed in a social engineering attack, it can be catastrophic.
  8. Security and convenience – Can we have both? (Dilbert cartoons) “Providers of cloud computing resources are not focused on security in the cloud. Rather, their priority is delivering the features their customers want such as low cost solutions with fast deployment that improves customer service and increases the efficiency of the IT function. As a result, providers in our study conclude that they cannot warrant or provide complete assurance that their products or services are sufficiently secure.” Ponemon Institute, 2009 Study
  9. Security is a Balancing Act. Must balance between Strength and Usability
  10. Protiva Confirm: Secure & Convenient Cloud Services enabler. Bringing ADAPTABLE TRUST to Cloud Services: Strong authentication ensures secure access to Online Services with multiple authentication methods: Password, OTP, PKI. Bringing CONVENIENCE to Cloud Services: Identity federation/SSO. Bringing ADVANCED SERVICES to Cloud Services: Digital signature service, Post Issuance. No longer need to choose between SECURITY & CONVENIENCE
  11. Adaptable Trust (diagram labels): PKI, OTP, Password; .NET, TPC, … Cards; Display Card
  12. Protiva SA Server: The Heart of Protiva Strong Authentication Service. Validation server supporting OTP authentication: Standards based technology; Tokens – OATH event based or time based; Mobile App – Time based with time stamping. Web based administrator interface for user management. User self-care portal for registration and password back-up. Easily integrates with existing infrastructure: Established integrations with leading infrastructure technology; Databases – MySQL, MS SQL, Oracle, IBM DB2, etc.; User Data Repository – Microsoft AD, Novell eDirectory, Sun One, OpenLDAP, etc.; Authentication Service – HTTP/HTTPS, SOAP, SAML 2.0, XML, RADIUS, Microsoft IAS/NPS, etc. 5/15/2012
  13. User On Boarding. Mobile OTP – User Download and Activate: Authentication server URL sent to user by email → User enters numeric validation code → User establishes personal PIN → Mobile OTP application activated
  14. Platform for next secure token generation. ID-000 (SIM sized) smart card reader; Micro SDHC card interface; Micro SD Flash; ID0 Smart Card; Versatility of smart card and MicroSD; USB 2.0; Easy to assemble; USB High Speed with HID / CCID switch; Full exposure of smart card in CCID mode; “0 footprint” in HID mode; AES 256 encryption; Data can be encrypted; CD-ROM emulation; Autorun of applications stored in MicroSD; Personalization services: graphical, packaging, smart card and flash insertion (MOQ: 1000 units). Building Value Together 15/05/2012
  15. Flash memory partitioning. SD Partitions: Public (X:), Read Only (Y:), Private (Z:). Controller Firmware: Mass Storage; Integrator Key; Secure Drive PIN; HID / CCID. PKI Smart Card: Digital signature; PKI certificate
  16. Use case: secure browsing. “Wherever you go! Whatever you do! Your browser is protected from permanent infections”. Using a Secure Browser stored in RO, the malware cannot permanently infect your browser (your browser integrity is maintained). Using a Secure Browser, the server certificates of your corporate trusted websites are stored in your browser and compared to the website you are trying to reach! If this is a phishing website then your browser refuses it! …the list of accessible URLs can be restricted. USB Shell Pro Token
  17. Secure Browsing example. Mode HID. Portable Firefox (in RO partition): Firefox ProCon add-on. Portable P#11 for TPC IM CC. RO: Firefox
  18. Data Leakage Protection example. Mode CCID. Microsoft BitLocker on the computer: Encryption of public partition is done using the smart card. Public: Encrypted partition
  19. Fulfillment. End User Initiated Fulfilment. Fulfillment Process: Order – Two Factor Auth (2FA) credential or token ordered by end user; Receive – 2FA credential or token is shipped or made available to end user; Use – User can start using strong 2FA to protect access to cloud resources
  20. Thank You