A Security Practitioner’s Guide to the Cloud- Maintain Trust and Control in Virtualized Environments with SafeNet’s Trusted Cloud Fabric
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

A Security Practitioner’s Guide to the Cloud- Maintain Trust and Control in Virtualized Environments with SafeNet’s Trusted Cloud Fabric

on

  • 1,515 views

To fully capitalize on the strategic potential of the cloud, enterprises will need to address a key challenge: security. SafeNet enables enterprises to overcome this challenge with a comprehensive set ...

To fully capitalize on the strategic potential of the cloud, enterprises will need to address a key challenge: security. SafeNet enables enterprises to overcome this challenge with a comprehensive set of flexible and modular security solutions – called the SafeNet Trusted Cloud Fabric. From authenticating in SaaS environments to ensuring compliance in the cloud, these practical solutions are ready today and can be adopted when and where they are needed.

Statistics

Views

Total Views
1,515
Views on SlideShare
1,515
Embed Views
0

Actions

Likes
1
Downloads
52
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

A Security Practitioner’s Guide to the Cloud- Maintain Trust and Control in Virtualized Environments with SafeNet’s Trusted Cloud Fabric Document Transcript

  • 1. A SecurityPractitioner’sGuideto the CloudMaintain Trust and Control in VirtualizedEnvironments with SafeNet’sTrusted Cloud FabricTRUSTED CLOUDFABRIC
  • 2. A Security Practitioner’sGuide to the CloudMaintain Trust and Executive Summary- To fully capitalize on the strategic potential of the cloud, enterprises will need to address a key challenge: security. SafeNet enablesControl in Virtualized enterprises to overcome this challenge with a comprehensive set of flexible andEnvironments with modular security solutions – called the SafeNet Trusted Cloud Fabric. FromSafeNet’s Trusted authenticating in SaaS environments to ensuring compliance in the cloud,Cloud Fabric. these practical solutions are ready today and can be adopted when and where they are needed. Introduction“Forrester fully expects to see Today, over 60% of enterprises, both large and small, plan to evaluate or pilot some typethe emergence of highly secure of cloud-enabled offerings within the next 18 months1. For many applications, such asand trusted cloud services sales force automation, project management, and marketing automation, SaaS-based delivery has become the de facto standard. Yet for many enterprises, initial cloud initiativesover the next five years, during represent a virtual drop in the bucket in terms of what is ultimately possible.which time cloud security willgrow into a $1.5 billion market Take, for instance, the case of a large multi-national retailer that looks to migrate itsand will shift from being an virtual machines from internally sourced to cloud-based resources during the holiday season. Given that 70% of its retail business is conducted during this four-week period,inhibitor to an enabler of cloud the company stands to substantially reduce its IT operational expense through the less-services adoption.” demanding months of the year—and save millions in the process.—Forrester Research It is with this type of strategic initiative that enterprises will begin to realize the full value of the cloud’s elasticity and cost benefits. However, for these visions to become a reality, a significant challenge needs to be addressed: guaranteeing security, trust, and control in the cloud. What precautions do cloud providers have in place to guard against breaches? How can businesses ensure sensitive data isn’t inadvertently co-mingling with another client’s records in a virtualized, multi-tenant environment? How do businesses ensure and demonstrate compliance of their cloud deployments? Enterprises pursuing a host of cloud initiatives today are wrestling with these issues, and, as the strategic value of cloud initiatives increases, so too does the security imperative. These heightened security demands will spawn significant effort and investment from enterprises and the security vendors that serve them. That’s why Forrester estimates cloud security will grow into a $1.5 billion market in the next five years2. Encryption: A Fundamental Control for the Cloud As outlined above, before they can migrate strategic services and assets to the cloud, organizations need to be able to migrate to cloud services, while retaining the requisite security controls. Consequently, encryption is increasingly being recognized by security experts and industry analysts as a fundamental control for organizations moving to 1 Gartner, “Hype Cycle for Cloud Computing, 2010”, David Mitchell Smith, July 27, 2010 2 Forrester, “Security And The Cloud: Looking At The Opportunity Beyond The Obstacle”, Jonathan Penn with Heidi Shey, Christopher Mines, Chétina Muteba, October 20, 2010 A Security Practitioner’s Guide to the Cloud Whitepaper 2
  • 3. the cloud. When implemented correctly, along with associated secure key and policySafeNet Information management approaches, encryption enables organizations to isolate data and associatedLifecycle Protection policies—particularly in shared, multi-tenant environments. With these controls, organizations can move to the cloud without making any compromises in their securityThe SafeNet Trusted Cloud posture or their compliance status.Fabric is an extensionof SafeNet Information While encryption has been a critical security component within the traditional data center, its strategic importance grows significantly in the cloud. In the past, physical controls,Lifecycle Protection, a inherent physical isolation, and the underlying levels of trust in the traditional data centercomprehensive framework mitigated some potential needs for encryption. In the cloud, those physical barriers andfor securing data throughout trust factors dissolve completely, making encryption a significantly more strategic andthe information lifecycle. By critical control moving forward.extending trust and controlwhen moving users, data, The Solution: SafeNet’s Trusted Cloud Fabricsystems, and applications SafeNet delivers the industry’s most complete cloud fabric for virtualized environments,to virtualized environments, enabling enterprises to ensure trust throughout the lifecycle of enterprise data. The SafeNet Trusted Cloud Fabric enables enterprises to…SafeNet enables customersto seamlessly integrate • Ensure security and compliance in the cloud. The SafeNet Trusted Cloud Fabricany cloud model into their represents a complete ecosystem of security solutions, weaving together persistentnear-term and long-term protection, elastic encryption, anchored identity, and secured communication. With these capabilities, SafeNet enables customers to retain complete control over howtechnology and security data is isolated, protected, and shared—even in multi-tenant cloud environments.strategies. • Take a practical migration path to the cloud. SafeNet offers a modular architecture that gives organizations the flexibility to migrate to the cloud in the most effective and efficient manner, and according to their specific timeframes, business objectives, and security policies. SafeNet’s Trusted Cloud Fabric enables businesses to tackle their most pressing security challenges, both in the near term and in the long term— whether they’re looking to secure access to SaaS applications, encrypt storage in the cloud, protect the communication links between private and public clouds, or address a host of other objectives. • Fully leverage the benefits of the cloud. The SafeNet Trusted Cloud Fabric features high performance solutions built specifically to support virtualized environments. In addition, SafeNet’s comprehensive solutions enable centralized governance and management of sensitive data, applications, and systems across the data center and the cloud. As a result, security teams can enjoy optimized administrative efficiency, while businesses fully embrace cloud opportunities. The Elements of the Trusted Cloud Fabric When it comes to enterprise cloud initiatives, one size, strategy, or technology does not fit all. Many enterprises will take disparate, multi-pronged approaches to the cloud, and will need modular solutions that offer flexible integration points across public, private, and hybrid clouds. SafeNet delivers a complete array of solutions, equipping enterprises with the capabilities they need, when they need them—regardless of where they are in their cloud adoption strategies. SafeNet offers these cloud-based solutions: • Secure access for SaaS • Secure cloud-based identities and transactions • Secure virtual instances • Secure cloud-based storage • Secure cloud application data • Secure cloud connections A Security Practitioner’s Guide to the Cloud Whitepaper 3
  • 4. Secure Virtual Storage Secure Cloud ApplicationsThe Benefits of theTrusted Cloud Fabric• Stay in control. Bring Secure Cloud-Based Secure Virtual Machines Identities and Transactions private data center security and control to public and private clouds.• Eliminate compromise. Boost security without compromising the elasticity, scalability, or flexibility of Secure Cloud-Based cloud deployments. Secure Access to SaaS Communications• Keep it simple. Get integrated, centralized management, administration, and policy enforcement of On-premise all domains—including internal data center and private, public, and hybrid When organizations migrate data that is sensitive or regulated by mandates into these clouds. environments, they can confront several tough questions: How do you keep information• Make it persistent. Wrap isolated and secure in remote, multi-tenant environments, where many traditional security protection around sensitive controls can’t be employed? How do you protect against unlimited copying of virtual information throughout instances? How do you gain the fundamental visibility required to understand how virtual its lifecycle, wherever it instances are being used? How do you enforce the separation of duties and granular controls resides. needed to mitigate the threat of cloud administrators abusing their super-user privileges? To address these issues, organizations need to safeguard virtual instances and the sensitive assets they contain. Organizations need to retain the requisite security controls to ensure only authorized users access the sensitive data held in virtual instances at any given time. For these reasons, encryption is increasingly being recognized as one of the fundamental security controls for organizations migrating to the cloud. Through encryption, and associated secure key and policy management, organizations can safeguard stakeholder trust when adopting cloud offerings Secure Access for SaaS Multi-factor authentication—whether through the use of one-time password (OTP) tokens, certificates, USB tokens, or smart cards—has grown increasingly critical as organizations look to secure remote users’ access to corporate systems. As enterprises move increasingly strategic business services to the cloud, security teams will need to leverage centralized mechanisms that accommodate both traditional remote access scenarios and cloud deployments. The Solution With SafeNet Authentication Manager, customers can leverage a unified authentication infrastructure for both their on-premise and cloud-based services—providing a centralized, comprehensive way to manage all access policies. When users try to access one of the enterprise’s cloud services, for example a SaaS service like Salesforce. com or GoogleApps, they will authenticate using their existing SafeNet authentication mechanisms, such as smart cards, USB tokens, or OTP via the user’s mobile phone. The Benefits SafeNet’s comprehensive authentication solutions make it easy for enterprises to maximize authentication security for SaaS applications. SafeNet solutions offer an unparalleled array of advantages for enterprises moving to the cloud: • Comprehensive platform. All SafeNet solutions that can all be managed through A Security Practitioner’s Guide to the Cloud Whitepaper 4
  • 5. SafeNet Authentication Manager, a central management server that enables identity federation, access controls, and strong authentication to both on-premise and SaaS applications. • Deployment and form factor flexibility. SafeNet offers the broadest authentication portfolio, including hardware tokens, software authentication, one-time password solutions, and more, ensuring organizations have the solutions tailored to their specific security and business objectives. • Advanced reporting. SafeNet authentication platforms offer extensive reporting capabilities that streamline compliance with a host of security regulations and policies. SaaS Apps Cloud Applications Salesforce.com Federated SSO to the cloud Google Apps User authenticates using enterprise identity SafeNet Authentication Manager (SAM)Secured Identities and TransactionsThe virtualized nature of the cloud removes many of the physical workflow and perimeter-based control points that helped secure sensitive information in traditional in-housedeployments. In order to adopt cloud services, while ensuring the requisite levels of trustand security, enterprises must take a data-centric approach to security. This entailsemploying cryptographic operations, such as data encryption and digital signatures, toensure the confidentiality and integrity of data and business processes. At the same time,the use of cryptography can’t jeopardize the performance and reliability of cloud resources.The SolutionSafeNet offers the most advanced and secure network-based HSMs, which are ideallysuited to the demands of virtual and cloud infrastructures. SafeNet HSMs, includingSafeNet Luna SA, offer an unparalleled combination of features—including central key andpolicy management, robust encryption support, flexible integration, and more—that formthe basis of a secure cloud platform. In addition, SafeNet is the only HSM solution providerto protect keys in hardware, ensuring that the cryptographic keys, paramount to securingyour application and sensitive information, never leave the confines of the hardwareappliance. Finally, SafeNet offers HSMs that feature FIPS- and Common Criteria-certifiedstorage of cryptographic keys.A Security Practitioner’s Guide to the Cloud Whitepaper 5
  • 6. The Benefits By employing SafeNet HSMs for their cloud environments, enterprises can realize a range of significant benefits: • Maximize security. SafeNet enables organizations to retain effective control through group-based policies, robust user access controls, and central key and policy management of remote systems. Armed with the comprehensive, advanced capabilities of SafeNet’s HSMs, organizations can efficiently leverage the many benefits of cloud services and stay compliant with all pertinent regulatory mandates and security policies. • Reduce administrative costs and overhead. Combining the security benefits of hardware security modules with the cloud delivery model, security implementations can be far less expensive than traditional in-house deployments, putting state-of-the- art security capabilities within reach of even small- and medium-sized businesses for the first time. • Realize long term scalability and flexibility. Each SafeNet HSM can support up to 100 clients and 20 partitions, enabling organizations to maximize the return on their investment, while enjoying maximum scalability and flexibility to accommodate changing business and technical requirements.Private Public On-premiseHybrid Hardware Security Module Secured Virtual Instances Today, enterprises are increasingly moving servers from traditional dedicated data centers to shared, virtualized infrastructures, whether based in public or private clouds. Given that these virtual servers often house the applications and databases that contain sensitive corporate information—including personnel records, intellectual property, customer information, and more—the lost or theft of these virtual assets can be disastrous. In order to meet their regulatory or internal risk management policies, enterprises must address a host of challenges posed by virtualized servers and all the instances they contain, including controlling privileged administrator access, guarding against potential unlimited copying, overcoming the lack of visibility and auditability, and mitigating the exposure of raw data. To address these challenges and safeguard the sensitive information held in virtual servers, organizations must go beyond simple user access controls and actively secure virtual servers. The Solution In order to mitigate the risk virtual servers can pose to sensitive data, SafeNet offers ProtectV Instance, which enables organizations to encrypt and secure entire contents of A Security Practitioner’s Guide to the Cloud Whitepaper 6
  • 7. virtual servers, protecting these assets from theft or exposure. With ProtectV Instance, data contained on the drive is secured, even offline and during instance activation. ProtectV Instance provides a critical separation of duties for control of virtual servers and adds the critical visibility needed to audit cloud-based servers. The Benefits By leveraging full disk encryption for virtual servers in the cloud, enterprises can maintain ownership and control of their sensitive data—and so safeguard against the damage of unauthorized theft or manipulation. Even if a drive is replicated, a virtual analog of a lost laptop, security teams can still rest assured that their sensitive data won’t be exposed to unauthorized access. With ProtectV Instance, organizations can maximize the benefits of their private and public cloud deployments, including infrastructure as a service (IaaS), without compromising security. Virtual Machines On-premise ProtectV™Instance Hypervisor Virtual ServerSafeNet DataSecure® (Supplemental Security Option):• Manages encrypted instances • Security policy enforcement• Lifecycle key management • Access control Secured Cloud-based Storage For many organizations, the prospect of leveraging elastic, pay-as-you-go services for housing their exponentially expanding volumes of files and digital assets represents a significant opportunity. For many organizations however, particularly those who must meet regulatory mandates, security risks posed by keeping information in multi-tenant cloud storage servers can make the cloud a nonstarter. The Solution With ProtectV Volume, security teams can encrypt entire storage volumes in cloud deployments, ensuring cloud data is isolated and secured—even in shared, multi-tenant cloud storage services. Given its seamless integration, ProtectV Volume can be deployed in a broad range of cloud storage environments, regardless of the vendor or underlying storage technology. The Benefits With SafeNet, enterprises can efficiently leverage many of the benefits of cloud services, while retaining effective security controls. With SafeNet solutions, organizations can leverage the cloud for applications that would have previously been off limits from a security standpoint. With SafeNet, enterprises can realize a range of benefits: • Boost user productivity. Through its transparent, seamless security enforcement, SafeNet solutions enable authorized users to enjoy more consistent and reliable access in a manner that is seamless and transparent, which can help optimize productivity. A Security Practitioner’s Guide to the Cloud Whitepaper 7
  • 8. • Lower costs. By enabling comprehensive, cohesive security policy enforcement in the cloud, SafeNet solutions enable organizations to move more business services into the cloud, and so more fully enjoy the cost savings these models deliver. In addition, by centralizing and streamlining security administration and enforcement, SafeNet solutions deliver significant cost reductions. • Increase business agility. Inherently, cloud offerings enable organizations to scale or contract much more quickly and cost effectively than if they were relying on internally hosted infrastructures. Through its support of dynamic cloud environments, SafeNet solutions provide organizations with an unparalleled ability to take advantage of the cloud’s flexibility to more quickly adapt to changing requirements. Data On-premise ProtectV™Volume Storage Virtual ServerSafeNet DataSecure® (Supplemental Security Option):• Manages file protection • Security policy enforcement• Lifecycle key management • Access control Secured Cloud Application Data For virtually any enterprise, safeguarding the trust of consumers is essential. While migrating applications to SaaS and PaaS enables dramatic cost savings for the organization as well as ubiquitous access for users, this move means critical customer data ultimately resides in an environment not owned or controlled by the organization. Without active protection of the data entering the application, the potential risks associated with this loss of control and trust are severe. In order to satisfy both the economic benefits and security requirements of cloud-based applications, organizations must satisfy several core requirements: • Transparent application integration. Organizations must have the ability to encrypt data in their own application development environment, with simple integration that doesn’t require them to be cryptography experts. • Centralized control and management. Controlling data must be centralized to minimize operational costs and provide the capabilities required for auditing and separating administrative duties. • Flexible and agile deployment. Given that organizations will use multiple cloud providers, and change service providers over time, organizations need capabilities that enable flexible data protection controls when migrating to different vendors. The Solution In order to maintain security and business continuity while moving into the cloud, businesses can deploy DataSecure on premise and configure and provision ProtectApp to secure virtualized applications that interact with such sensitive data as credit cards, personally identifiable information, and more. ProtectApp is available in a wide variety of development platforms to enable transparent integration, while the centralized control A Security Practitioner’s Guide to the Cloud Whitepaper 8
  • 9. via DataSecure provides the flexibility to work with multiple cloud providers. The on- premise DataSecure platform is anchored as the root of trust for policy enforcement and lifecycle key management. In the cloud, ProtectApp handles encryption and key caching locally to deliver optimal performance. Because the data is protected as it is generated and stored on databases in the cloud and the keys are kept with the application server, enterprises can ensure sensitive data remains secure and demonstrate compliance with relevant mandates. The Benefits With SafeNet, organizations can utilize SaaS and PaaS for their applications, while also protecting their own customers’ data. In addition, the flexibility of the solution enables the deployment of these protections with minimal operational overhead and maximum agility to work with multiple cloud providers. Database ApplicationOn-premise ProtectDB ProtectApp Tokenization Local crypto and key caching DataSecure® Secured Cloud Communications Whether an organization is moving aggressively or tentatively into cloud-based services, the reality is that just about every enterprise will have a hybrid mix of services—including on-premise, private cloud, and public cloud—in place at any given time. As a result, an organization’s sensitive assets will often need to be transported across a wide area network (WAN) as data and processing are shared across these geographically distributed deployments. To build a trusted hybrid multi-site infrastructure, enterprises need to employ encryption to secure the transport of data across their WANs, while at the same time, ensuring high-speed, low-latency communications between these distributed sites. The Solution Today, SafeNet offers advanced layer 2 encryption solutions that enable organizations to secure WAN communications—while eliminating the challenges and obstacles presented by traditional IPsec encryption approaches. SafeNet Ethernet Encryptors provide the administrative efficiency and optimized performance and bandwidth utilization that make it ideally suited to an enterprise’s private cloud environment. The Benefits With SafeNet Ethernet Encryptors, organizations can ensure trusted communications across all their cloud-based and internally hosted sites, and so gain a range of benefits: • Boost user productivity. Through its high performance and reliability, SafeNet enables authorized users to quickly and securely transfer communications, media, and other data from the enterprise to the cloud—optimizing productivity. • Lower costs. By eliminating costly overhead for expensive transport pipes and providing full throughput, SafeNet offers immediate cost savings in the cloud and across the A Security Practitioner’s Guide to the Cloud Whitepaper 9
  • 10. enterprise. In addition, as cloud models evolve, businesses can easily add new devices into their existing cloud environment. By centralizing and streamlining security administration, management, and enforcement, SafeNet delivers significant cost reductions. • Increase business agility. Inherently, cloud offerings enable organizations to scale or contract much more quickly and cost effectively than if they were relying on internally hosted network infrastructures. Through its support of dynamic cloud environments, SafeNet provides organizations with an unparalleled ability to take advantage of the cloud’s flexibility to more quickly adapt to changing requirements.On-premise Private High Speed Encryptor SafeNet Trusted Cloud Fabric SafeNet delivers the industry’s most complete cloud fabric for virtualized environments, enabling enterprises to ensure trust throughout the lifecycle of enterprise data. The SafeNet Trusted Cloud Fabric™ represents a complete ecosystem that weaves together persistent protection, elastic encryption, anchored identity, and secured communication. With these capabilities, SafeNet brings trust to customers by delivering ownership and control over how data is isolated, protected, and shared—even in multi-tenant cloud environments. An extension of SafeNet Information Lifecycle Protection, the SafeNet Trusted Cloud Fabric™ enables customers to seamlessly integrate any cloud model into their near-term and long-term security strategies. About SafeNet, Inc. Founded in 1983, SafeNet is a global leader in information security. SafeNet protects its customers’ most valuable assets, including identities, transactions, communications, data and software licensing, throughout the data lifecycle. More than 25,000 customers across both commercial enterprises and government agencies and in over 100 countries trust their information security needs to SafeNet. Contact Us: For all office locations and contact information, please visit www.safenet-inc.com Follow Us: www.safenet-inc.com/connected ©2011 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. WP (EN)-02.17.11 A Security Practitioner’s Guide to the Cloud Whitepaper 10