© 2014 IBM Corporation
IBM Security Systems

Security Building Blocks of the Cloud Computing Reference Architecture
Stefaan Van daele
Senior Security Architect – IBM Europe
stefaan_vandaele at be.ibm.com
stefaanvda
http://www.linkedin.com/in/stefaanvdaele

Security Requirements in Cloud Solutions

Different cloud deployment models also change the way we think about security

Private cloud: on- or off-premises cloud infrastructure operated solely for an organization and managed by the organization or a third party.
- Customer responsibility for infrastructure
- More customization of security controls
- Good visibility into day-to-day operations
- Easy access to logs and policies
- Applications and data remain "inside the firewall"

Public cloud: available to the general public or a large industry group and owned by an organization selling cloud services.
- Provider responsibility for infrastructure
- Less customization of security controls
- Little or no visibility into day-to-day operations
- Harder to access logs and policies
- Applications and data are publicly exposed

Hybrid IT: traditional IT and clouds (public and/or private) that remain separate but are bound together by technology that enables data and application portability.

Moving along this spectrum changes security and privacy: responsibility, customization and visibility shift from the customer to the provider.

Minimizing the risks of cloud computing requires a strategic approach

- Define a cloud strategy with security in mind
  - Identify the different workloads and how they need to interact.
  - Which models are appropriate based on their security and trust requirements and the systems they need to interface to?
- Identify the security measures needed
  - Using a methodology such as the IBM Security Framework allows teams to measure what is needed in areas such as governance, architecture, applications and assurance.
- Enable security for the cloud
  - Define the upfront set of assurance measures that must be taken.
  - Assess that the applications, infrastructure and other elements meet the security requirements, as well as the operational security measures.

Our approach to delivering security aligns with each phase of an organization's cloud project or initiative

Phases:
- Design: establish a cloud strategy and an implementation plan to get there.
- Deploy: build cloud services, in the enterprise and/or as a cloud services provider.
- Consume: manage and optimize consumption of cloud services.

Example security capabilities across the three phases:
- Cloud security roadmap
- Secure development
- Network threat protection
- Server security
- Database security
- Application security
- Virtualization security
- Endpoint protection
- Configuration and patch management
- Identity and access management
- Secure cloud communications
- Managed security services

IBM Cloud Security Approach:
- Secure by Design: focus on building security into the fabric of the cloud.
- Workload Driven: secure cloud resources with innovative features and products.
- Service Enabled: govern the cloud through ongoing security operations and workflow.

Adoption patterns are emerging for successfully beginning and progressing cloud initiatives

IBM Cloud Security - One Size Does Not Fit All
Different security controls are appropriate for different cloud needs; the challenge becomes one of integration, coexistence, and recognizing what solution is best for a given workload.

Each pattern has its own set of key security concerns

Cloud Enabled Data Center (Infrastructure as a Service, IaaS: cut IT expense and complexity through cloud data centers)
Integrated service management, automation, provisioning, self service.
Key security focus: Infrastructure and Identity
- Manage datacenter identities
- Secure virtual machines
- Patch default images
- Monitor logs on all resources
- Network isolation

Cloud Platform Services (Platform as a Service, PaaS: accelerate time to market with cloud platform services)
Pre-built, pre-integrated IT infrastructures tuned to application-specific needs.
Key security focus: Applications and Data
- Secure shared databases
- Encrypt private information
- Build secure applications
- Keep an audit trail
- Integrate existing security

Cloud Service Provider (innovate business models by becoming a cloud service provider)
Advanced platform for creating, managing, and monetizing cloud services.
Key security focus: Data and Compliance
- Isolate cloud tenants
- Policy and regulations
- Manage security operations
- Build compliant data centers
- Offer backup and resiliency

Business Solutions on Cloud (Software as a Service, SaaS: gain immediate access with business solutions on cloud)
Capabilities provided to consumers for using a provider's applications.
Key security focus: Compliance and Governance
- Harden exposed applications
- Securely federate identity
- Deploy access controls
- Encrypt communications
- Manage application policies

Across all patterns: Security Intelligence (threat intelligence, user activity monitoring, real time insights)

Cloud Computing Reference Architecture (CCRA)

Evolution of the Cloud Computing Reference Architecture (CCRA 3.0)

- March 2009: initiated CCAB SC CCMP Reference Architecture
- March 2010: published CC & CCMP Reference Architecture 1.0
- October 2010: used in Cloud Launch and various customer/analyst sessions
- February 2011: submitted CCRA to The Open Group
- March 2011: released CCRA 2.0
- April 2011: Public Cloud RA whitepaper available on ibm.com
- July 2011: released "CCRA 2.0 for Business Partners"
- Early 2012: released CCRA 2.5; reached milestone of ~1500 IBMers formally educated on the CCRA
- November 2012: released CCRA 3.0 with Adoption Patterns (prescriptive guidance on IaaS/PaaS/CSP/SaaS)
- 2012/13: CCRA standardization ongoing

The timeline moves from defining the overall architectural foundation to adding product- and integration-focused solution architectures.

The IBM Cloud Computing Reference Architecture (CCRA)

Represents the aggregate experience from hundreds of cloud client engagements and IBM-hosted cloud implementations
- Based on knowledge of IBM's services, software & system experiences, including IBM Research

Provides prescriptive guidance on how to build IaaS, PaaS, SaaS and service provider clouds using IBM technologies

Reflected in the design of
- Clouds IBM implements for clients
- IBM-hosted cloud services
- IBM cloud appliances
- IBM cloud products

Public Cloud RA whitepaper available on ibm.com:
http://public.dhe.ibm.com/common/ssi/ecm/en/ciw03078usen/CIW03078USEN.PDF
CCRA OpenGroup submission:
http://www.opengroup.org/cloudcomputing/uploads/40/23840/CCRA.IBMSubmission.02282011.doc

[Figure: CCRA 3.0 overview] Roles: Cloud Service Creator (Service Creation Tools), Cloud Service Consumer (Cloud Service Integration Tools, Consumer In-house IT) and Cloud Service Provider. The provider hosts the Common Cloud Management Platform (CCMP) with Operational Support Services (OSS) and Business Support Services (BSS), the Cloud Services (Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, Business-Process-as-a-Service), the Infrastructure, and Existing & 3rd party services and Partner Ecosystems. Governance and Security, Resiliency, Performance & Consumability are cross-cutting concerns. The Common Reference Architecture Foundation underpins the four adoption patterns: Cloud-enabled data center / building IaaS, Platform Services, Cloud Service Provider, Building SaaS.

CCRA Detailed Overview

CCRA Security Component Model

[Figure: security component model] Security Intelligence, Analytics and GRC spans the four domains People, Data, Applications and Infrastructure (infrastructure includes server, network, storage). Security components:
- Security Governance, Risk Management & Compliance
- Security Information & Event Management
- Identity & Access Management
- Data & Information Security
- Security Intelligence
- Physical & Personnel Security
- Threat & Intrusion Prevention
- Security Policy Management
- Encryption & Key Management
- Secure Application Development
- Endpoint Management

Additional information can be found here:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf3cce8ff09b3_49d2_8ee7_4e49c1ef5d22/page/IBM%20Cloud%20Computing%20Reference%20Architecture%203.0

Using the IBM Security Framework, we articulate the way we address security in the Cloud in terms of Foundational Controls

IBM Cloud Security Reference Model (applied across the Design, Deploy and Consume phases)
- Cloud Governance: cloud-specific security governance including directory synchronization and geo-locational support
- Security Governance, Risk Management & Compliance: security governance including maintaining security policy and audit and compliance measures
- Problem & Information Security Incident Management: managing and responding to expected and unexpected events
- Identity and Access Management: strong focus on authentication of users and management of identity
- Discover, Categorize, Protect Data & Information Assets: strong focus on protection of data at rest or in transit
- Information Systems Acquisition, Development, and Maintenance: management of application and virtual machine deployment
- Secure Infrastructure Against Threats and Vulnerabilities: management of vulnerabilities and their associated mitigations with strong focus on network and endpoint protection
- Physical and Personnel Security: protection for physical assets and locations including networks and data centers, as well as employee security

Solution Approach - Summary

1. Understand Client (artifact: Business Driver)
   Get a thorough understanding of the client's existing IT environment and identify the client's Cloud Adoption Pattern.
2. Define Client Requirements (artifacts: Actors and use cases, Non-functional requirements, System context)
   Identify actors, workloads and associated use cases and identify security requirements for each scenario.
3. Design Solution (artifacts: Architecture decisions, Architecture overview, Component model, Operational model)
   Define the Architecture Overview. Identify the building blocks and controls needed, leveraging the IBM Security Framework and Cloud Foundational Controls. Use the CCRA Security Component Model to identify required components and their interactions for the solution.
4. Detail Design (artifact: Solution integration details)
   Realize the components by mapping them to the capabilities in our products / services portfolio. Leverage assets to build the deployment architecture and integration requirements.
5. Define Roadmap & 1st Project (artifacts: Cloud roadmap, Project description, Viability assessment)
   Define the project plan with overall timeline, phases and key milestones, and overall delivery.

Cloud Enabled Data Center - simple use case

Elements: Self-Service GUI, Cloud Platform, Resource Pool (available resources), Image Library (machine images), Hypervisor (configured machine image running as a Virtual Machine), SW Catalog (config and binaries).

Security checkpoints in the provisioning flow:
1. User identity is verified and authenticated (self-service GUI to cloud platform).
2. Resource chosen from the correct security domain (resource pool).
3. VM is configured with the appropriate security policy (machine image from the image library).
4. Virtual machine image provisioned behind FW / IPS (hypervisor).
5. Host security installed and updated.
6. Software patches applied and up-to-date (software catalog).

Security components involved: Identity & Access Management, Security Information & Event Management, Endpoint Management, Threat & Intrusion Prevention.
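The six checkpoints are easiest to enforce as one gate that runs before the VM is released to the consumer, so that a miss on any step blocks the release rather than being noticed later. The following Python is an added example written for this page, not IBM code or any product's API; the domain policy table, the tenant-to-domain mapping, the image digests and the request/VM record fields are all constructed assumptions.

```python
"""Provisioning gate for the six security checkpoints of the cloud enabled
data center use case (added example, not IBM code).

All policy data, tenant mappings, image digests and record fields below are
constructed assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Assumed per-security-domain policy: minimum host security agent version,
# patch baseline (YYYY-MM) and whether the domain must sit behind FW / IPS.
DOMAIN_POLICY: Dict[str, dict] = {
    "dmz":      {"min_agent": "3.2", "patch_baseline": "2014-03", "require_fw_ips": True},
    "internal": {"min_agent": "3.0", "patch_baseline": "2014-01", "require_fw_ips": True},
}
# Assumed mapping of tenant -> security domains it may deploy into.
TENANT_DOMAINS: Dict[str, Set[str]] = {"finance": {"internal"}, "web": {"dmz", "internal"}}
# Assumed image library: image id -> digest recorded when the image was approved.
APPROVED_IMAGES: Dict[str, str] = {"rhel6-base-2014q1": "sha256:3b1f9c0d"}  # constructed digest


@dataclass
class ProvisionRequest:
    tenant: str
    authenticated: bool
    mfa_passed: bool
    requested_domain: str
    image_id: str
    image_digest: str          # digest of the image actually pulled for this VM


@dataclass
class ProvisionedVM:
    domain: str                # security domain the resource was actually taken from
    policy_attached: str       # security policy bound to the VM, e.g. "policy-dmz"
    behind_fw_ips: bool
    agent_version: str         # "" when no host security agent is installed
    patch_level: str           # YYYY-MM of the last patch set applied


def version_tuple(v: str) -> Tuple[int, ...]:
    return tuple(int(x) for x in v.split(".")) if v else (0,)


def gate(req: ProvisionRequest, vm: ProvisionedVM) -> List[str]:
    """Return the checkpoint violations; an empty list releases the VM."""
    violations: List[str] = []
    policy = DOMAIN_POLICY.get(vm.domain, {})

    # 1. user identity verified and authenticated
    if not (req.authenticated and req.mfa_passed):
        violations.append("1: requester not authenticated (MFA required)")

    # 2. resource chosen from the correct security domain
    if req.requested_domain not in TENANT_DOMAINS.get(req.tenant, set()):
        violations.append(f"2: tenant {req.tenant} may not deploy into {req.requested_domain}")
    if vm.domain != req.requested_domain:
        violations.append(f"2: resource taken from {vm.domain}, requested {req.requested_domain}")

    # 3. VM configured with the appropriate security policy: approved image + domain policy
    if APPROVED_IMAGES.get(req.image_id) != req.image_digest:
        violations.append("3: image is not the approved image-library build (digest mismatch)")
    if vm.policy_attached != f"policy-{vm.domain}":
        violations.append(f"3: policy {vm.policy_attached} does not match domain {vm.domain}")

    # 4. provisioned behind FW / IPS
    if policy.get("require_fw_ips") and not vm.behind_fw_ips:
        violations.append("4: VM not placed behind firewall / IPS")

    # 5. host security installed and updated
    if version_tuple(vm.agent_version) < version_tuple(policy.get("min_agent", "0")):
        violations.append("5: host security agent missing or below minimum version")

    # 6. software patches applied and up-to-date (YYYY-MM compares lexically)
    if vm.patch_level < policy.get("patch_baseline", ""):
        violations.append("6: patch level behind baseline")
    return violations


def compliant_case() -> List[str]:
    req = ProvisionRequest("web", True, True, "dmz", "rhel6-base-2014q1", "sha256:3b1f9c0d")
    vm = ProvisionedVM("dmz", "policy-dmz", True, "3.4", "2014-04")
    return gate(req, vm)


def noncompliant_case() -> List[str]:
    # Wrong tenant/domain, tampered image, wrong policy, no FW, stale agent and patches.
    req = ProvisionRequest("finance", True, False, "dmz", "rhel6-base-2014q1", "sha256:deadbeef")
    vm = ProvisionedVM("dmz", "policy-internal", False, "2.9", "2013-12")
    return gate(req, vm)


if __name__ == "__main__":
    print("compliant:", compliant_case())
    for v in noncompliant_case():
        print("BLOCK", v)
```

The gate reports every failed checkpoint rather than stopping at the first one, so the SIEM and the requester see the full picture; in a real platform the image digest would come from the image library's signed metadata and the agent and patch facts from the endpoint management component, not from the request itself.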

One component in detail: Security Information and Event Management

Security Component Model - Cloud Enabled Data Center

The same CCRA Security Component Model as above (Security Intelligence, Analytics and GRC across People, Data, Applications and Infrastructure; infrastructure includes server, network, storage), here applied to the cloud enabled data center pattern with Security Information & Event Management as the component examined in detail.

Generic security service catalog for Security Operations

Risk and Compliance
- Risk Management: Risk Identification, Risk Reporting
- Compliance Management: Compliance Reporting, Compliance Controlling
- Evidence Management: Records Management, Digital Forensics
- Supervisory Services: Fraud Detection

Analytics Services
- Security & Compliance Dashboard

Threat and Vulnerability Management
- Vulnerability Management: Vulnerability Discovery, Vulnerability Analysis, Vulnerability Remediation
- Security Information and Event Management: Security Log Collection & Normalization, Security Event Correlation & Normalization, Security Monitoring and Alerting, Security Problem and Incident Response
- Threat Management: Threat Identification, Threat Analysis, Threat Mitigation
- Security Intelligence: Security Threat and Vulnerability Research

IT Service Management
- Incident and Problem Management

Asset Management
- Asset Administration

Practical example: SIEM across hybrid cloud deployments

Workloads deployed in private virtual environments (OpenStack):
- OpenStack Audit (CADF): a "filter" in the Core API Layer audits all OpenStack API calls and emits them as CADF (Cloud Auditing Data Federation) events.
- Ceilometer: usage / performance monitoring plus auditing, written to its "datastores".

Public cloud services:
- AWS CloudTrail

Both audit sources feed the SIEM, which normalizes and correlates them.
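The work the SIEM does with those two feeds is to normalize them to one event schema before any cross-cloud rule can run: a CADF event already carries an action taxonomy (create/read/update/delete) and an explicit outcome, whereas a CloudTrail record carries an API name and signals failure only through the presence of errorCode. The following Python is an added example, not IBM's or any SIEM product's code; the sample CADF event and CloudTrail records are constructed (field names follow the public CADF and CloudTrail formats), and the normalized schema, the AWS-to-CADF action mapping and the correlation rule are assumptions.

```python
"""Normalize OpenStack CADF audit events and AWS CloudTrail records into one
schema and correlate across them (added example, not IBM or SIEM product code).
The events below are constructed; field names follow the public CADF and
CloudTrail formats, the normalized schema and the rule are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# --- constructed sample input (not real audit data) -----------------------
CADF_EVENTS: List[Dict] = [{
    "typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
    "eventType": "activity", "id": "openstack:evt-0001",
    "eventTime": "2014-05-12T10:02:14.000000+00:00",
    "action": "create", "outcome": "success",
    "initiator": {"typeURI": "service/security/account/user", "id": "u-42",
                  "name": "alice", "host": {"address": "203.0.113.7"}},
    "target": {"typeURI": "service/compute/servers", "id": "srv-9"},
    "observer": {"typeURI": "service/security", "id": "api-audit-filter"},
}]
CLOUDTRAIL_LOG: Dict = {"Records": [
    {   # successful instance launch by the same user name in AWS
        "userIdentity": {"type": "IAMUser", "accountId": "123456789012",
                         "arn": "arn:aws:iam::123456789012:user/alice", "userName": "alice"},
        "eventTime": "2014-05-12T10:03:40Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances", "sourceIPAddress": "198.51.100.23",
    },
    {   # denied launch attempt by another user: CloudTrail signals it via errorCode
        "userIdentity": {"type": "IAMUser", "accountId": "123456789012",
                         "arn": "arn:aws:iam::123456789012:user/bob", "userName": "bob"},
        "eventTime": "2014-05-12T10:05:02Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances", "sourceIPAddress": "198.51.100.40",
        "errorCode": "Client.UnauthorizedOperation",
    },
]}
# Assumed mapping of AWS event sources onto CADF-style target types.
AWS_TARGETS = {"ec2.amazonaws.com": "service/compute/servers",
               "iam.amazonaws.com": "service/security/account"}


def parse_time(ts: str) -> datetime:
    # CADF carries an explicit UTC offset; CloudTrail uses a trailing 'Z'.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def normalize_cadf(ev: Dict) -> Dict:
    init = ev.get("initiator", {})
    return {"source": "openstack", "time": parse_time(ev["eventTime"]),
            "actor": init.get("name") or init.get("id", "unknown"),
            "actor_ip": init.get("host", {}).get("address"),
            "action": ev.get("action", "unknown"),        # CADF taxonomy already
            "target": ev.get("target", {}).get("typeURI", ""),
            "outcome": "success" if ev.get("outcome") == "success" else "failure"}


def cloudtrail_action(event_name: str) -> str:
    """Map CloudTrail API names onto the CADF action taxonomy (assumed rules)."""
    if event_name.startswith(("Describe", "Get", "List")):
        return "read"
    if event_name.startswith(("Run", "Create")):
        return "create"
    if event_name.startswith(("Terminate", "Delete")):
        return "delete"
    return "update"


def normalize_cloudtrail(rec: Dict) -> Dict:
    ident = rec.get("userIdentity", {})
    src = rec.get("eventSource", "")
    return {"source": "aws", "time": parse_time(rec["eventTime"]),
            "actor": ident.get("userName") or ident.get("arn", "unknown"),
            "actor_ip": rec.get("sourceIPAddress"),
            "action": cloudtrail_action(rec.get("eventName", "")),
            "target": AWS_TARGETS.get(src, src),
            "outcome": "failure" if rec.get("errorCode") else "success"}


def correlate(events: List[Dict], window: timedelta = timedelta(minutes=10)) -> List[Dict]:
    """Rule: one actor successfully creates compute in two different clouds within
    `window` from two different source addresses -> review the identity."""
    by_actor: Dict[str, List[Dict]] = defaultdict(list)
    for e in events:
        if e["action"] == "create" and e["outcome"] == "success" \
                and e["target"].startswith("service/compute"):
            by_actor[e["actor"]].append(e)
    alerts = []
    for actor, evs in by_actor.items():
        evs.sort(key=lambda e: e["time"])
        for i, a in enumerate(evs):
            for b in evs[i + 1:]:
                if b["time"] - a["time"] > window:
                    break
                if a["source"] != b["source"] and a["actor_ip"] != b["actor_ip"]:
                    alerts.append({"actor": actor,
                                   "sources": sorted([a["source"], b["source"]]),
                                   "ips": sorted([a["actor_ip"], b["actor_ip"]]),
                                   "gap_seconds": int((b["time"] - a["time"]).total_seconds())})
    return alerts


def run(cadf_events=CADF_EVENTS, cloudtrail_log=CLOUDTRAIL_LOG):
    events = [normalize_cadf(e) for e in cadf_events]
    events += [normalize_cloudtrail(r) for r in cloudtrail_log["Records"]]
    return events, correlate(events)


if __name__ == "__main__":
    normalized, alerts = run()
    for e in normalized:
        print(e["source"], e["actor"], e["action"], e["target"], e["outcome"])
    for a in alerts:
        print("ALERT", a)
```

The rule only becomes expressible once both feeds share the actor, action, target and outcome fields; the same normalization is what lets the failed RunInstances by bob land in the same failure counters as a CADF event with outcome "failure". Mapping AWS user names onto OpenStack user names by string equality is the weak point of this toy: in production the SIEM would join both on a directory identity (the directory synchronization named under Cloud Governance above), not on the display name.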
www.ibm.com/security
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response
to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated
or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure
and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to
be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems,
products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

Security Building Blocks of the IBM Cloud Computing Reference Architecture

Slide 1: Security Building Blocks of the Cloud Computing Reference Architecture
© 2014 IBM Corporation, IBM Security Systems
Stefaan Van daele, Senior Security Architect, IBM Europe
stefaan_vandaele at be.ibm.com
Twitter: stefaanvda
http://www.linkedin.com/in/stefaanvdaele

Slide 2: Security Requirements in Cloud Solutions

Slide 3: Different cloud deployment models also change the way we think about security

Private cloud: on- or off-premises cloud infrastructure operated solely for an organization and managed by the organization or a third party.
- Customer responsibility for infrastructure
- More customization of security controls
- Good visibility into day-to-day operations
- Easy access to logs and policies
- Applications and data remain "inside the firewall"

Public cloud: available to the general public or a large industry group and owned by an organization selling cloud services.
- Provider responsibility for infrastructure
- Less customization of security controls
- No visibility into day-to-day operations
- Difficult to access logs and policies
- Applications and data are publicly exposed

Hybrid IT: traditional IT and clouds (public and/or private) that remain separate but are bound together by technology that enables data and application portability.

Moving from private to public brings changes in security and privacy.

Slide 4: Minimizing the risks of cloud computing requires a strategic approach

Define a cloud strategy with security in mind
- Identify the different workloads and how they need to interact.
- Which models are appropriate based on their security and trust requirements and the systems they need to interface to?

Identify the security measures needed
- Using a methodology such as the IBM Security Framework allows teams to measure what is needed in areas such as governance, architecture, applications and assurance.

Enabling security for the cloud
- Define the upfront set of assurance measures that must be taken.
- Assess that the applications, infrastructure and other elements meet the security requirements, as well as operational security measures.

Slide 5: Our approach to delivering security aligns with each phase of an organization's cloud project or initiative

IBM Cloud Security Approach
- Design: establish a cloud strategy and implementation plan to get there. Secure by Design: focus on building security into the fabric of the cloud.
- Deploy: build cloud services, in the enterprise and/or as a cloud services provider. Workload Driven: secure cloud resources with innovative features and products.
- Consume: manage and optimize consumption of cloud services. Service Enabled: govern the cloud through ongoing security operations and workflow.

Example security capabilities: cloud security roadmap, secure development, network threat protection, server security, database security, application security, virtualization security, endpoint protection, configuration and patch management, identity and access management, secure cloud communications, managed security services.

Slide 6: Adoption patterns are emerging for successfully beginning and progressing cloud initiatives

IBM Cloud Security: one size does not fit all. Different security controls are appropriate for different cloud needs; the challenge becomes one of integration, coexistence, and recognizing what solution is best for a given workload.

Slide 7: Each pattern has its own set of key security concerns

Cloud Enabled Data Center, Infrastructure as a Service (IaaS): cut IT expense and complexity through cloud data centers. Integrated service management, automation, provisioning, self service.
- Key security focus: Infrastructure and Identity
- Manage datacenter identities
- Secure virtual machines
- Patch default images
- Monitor logs on all resources
- Network isolation

Cloud Platform Services, Platform as a Service (PaaS): accelerate time to market with cloud platform services. Pre-built, pre-integrated IT infrastructures tuned to application-specific needs.
- Key security focus: Applications and Data
- Secure shared databases
- Encrypt private information
- Build secure applications
- Keep an audit trail
- Integrate existing security

Cloud Service Provider: innovate business models by becoming a cloud service provider. Advanced platform for creating, managing, and monetizing cloud services.
- Key security focus: Data and Compliance
- Isolate cloud tenants
- Policy and regulations
- Manage security operations
- Build compliant data centers
- Offer backup and resiliency

Business Solutions on Cloud, Software as a Service (SaaS): gain immediate access with business solutions on cloud. Capabilities provided to consumers for using a provider's applications.
- Key security focus: Compliance and Governance
- Harden exposed applications
- Securely federate identity
- Deploy access controls
- Encrypt communications
- Manage application policies

Across all patterns: Security Intelligence (threat intelligence, user activity monitoring, real-time insights).

Slide 8: Cloud Computing Reference Architecture (CCRA)

Slide 9: Evolution of the Cloud Computing Reference Architecture (CCRA 3.0)

- March 2009: initiated CCAB SC CCMP Reference Architecture
- March 2010: published CC & CCMP Reference Architecture 1.0
- October 2010: used in Cloud Launch and various customer/analyst sessions
- February 2011: submitted CCRA to The Open Group
- March 2011: released CCRA 2.0
- April 2011: Public Cloud RA whitepaper available on ibm.com
- July 2011: released "CCRA 2.0 for Business Partners"
- Early 2012: released CCRA 2.5; reached milestone of ~1500 IBMers formally educated on the CCRA
- November 2012: released CCRA 3.0, with Adoption Patterns giving prescriptive guidance on IaaS/PaaS/CSP/SaaS
- 2012/13: CCRA standardization ongoing

The early releases defined the overall architectural foundation; later releases added product- and integration-focused solution architectures.

Slide 10: The IBM Cloud Computing Reference Architecture (CCRA)

- Represents the aggregate experience from hundreds of cloud client engagements and IBM-hosted cloud implementations, based on knowledge of IBM's services, software and systems experiences, including IBM Research.
- Provides prescriptive guidance on how to build IaaS, PaaS, SaaS and service provider clouds using IBM technologies.
- Reflected in the design of clouds IBM implements for clients, IBM-hosted cloud services, IBM cloud appliances and IBM cloud products.

Public Cloud RA whitepaper available on ibm.com: http://public.dhe.ibm.com/common/ssi/ecm/en/ciw03078usen/CIW03078USEN.PDF
CCRA Open Group submission: http://www.opengroup.org/cloudcomputing/uploads/40/23840/CCRA.IBMSubmission.02282011.doc

Architecture overview (CCRA 3.0):
- Roles: Cloud Service Consumer (cloud service integration tools, consumer in-house IT), Cloud Service Provider, Cloud Service Creator (service creation tools)
- Cloud Services: Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, Business-Process-as-a-Service
- Common Cloud Management Platform (CCMP): Operational Support Services (OSS) and Business Support Services (BSS)
- Infrastructure; existing and 3rd-party services, partner ecosystems
- Cross-cutting: Governance; Security, Resiliency, Performance & Consumability
- Common Reference Architecture Foundation with adoption patterns: Cloud-enabled data center / building IaaS, Platform Services, Cloud Service Provider, Building SaaS

Slide 11: CCRA Detailed Overview

Slide 12: CCRA Security Component Model

Domains: Security Intelligence, Analytics and GRC; People; Data; Applications; Infrastructure (server, network, storage).

Security components:
- Security Governance, Risk Management & Compliance
- Security Information & Event Management
- Data & Information Security
- Identity & Access Management
- Security Intelligence
- Physical & Personnel Security
- Threat & Intrusion Prevention
- Security Policy Management
- Encryption & Key Management
- Secure Application Development
- Endpoint Management

Additional information can be found here:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf3cce8ff09b3_49d2_8ee7_4e49c1ef5d22/page/IBM%20Cloud%20Computing%20Reference%20Architecture%203.0

Slide 13: Using the IBM Security Framework, we articulate the way we address security in the Cloud in terms of Foundational Controls

IBM Cloud Security Reference Model (spanning Design, Deploy and Consume):
- Cloud Governance: cloud-specific security governance including directory synchronization and geo-locational support
- Security Governance, Risk Management & Compliance: security governance including maintaining security policy and audit and compliance measures
- Problem & Information Security Incident Management: management of and response to expected and unexpected events
- Identity and Access Management: strong focus on authentication of users and management of identity
- Discover, Categorize, Protect Data & Information Assets: strong focus on protection of data at rest or in transit
- Information Systems Acquisition, Development, and Maintenance: management of application and virtual machine deployment
- Secure Infrastructure Against Threats and Vulnerabilities: management of vulnerabilities and their associated mitigations with strong focus on network and endpoint protection
- Physical and Personnel Security: protection for physical assets and locations including networks and data centers, as well as employee security

Slide 14: Solution Approach - Summary

1. Understand Client (business driver): get a thorough understanding of their existing IT environment and identify the client's Cloud Adoption Pattern.
2. Define Client Requirements (actors and use cases, non-functional requirements, system context): identify actors, workloads and associated use cases and identify security requirements for each scenario.
3. Design Solution (architecture decisions, architecture overview, component model): define the Architecture Overview; identify the building blocks and controls needed leveraging the IBM Security Framework and Cloud Foundational Controls; use the CCRA Security Component Model to identify required components and their interactions for the solution.
4. Detail Design (operational model, solution integration details): realize the components by mapping to the capabilities in our products / services portfolio; leverage assets to build the deployment architecture and integration requirements.
5. Define Roadmap & 1st Project (cloud roadmap, project description, viability assessment): define the project plan with overall timeline, phases and key milestones, and overall delivery.

Slide 15: Cloud Enabled Data Center - simple use case

1. Self-Service GUI / Cloud Platform: user identity is verified and authenticated.
2. Resource Pool / Available Resource: resource chosen from the correct security domain.
3. Image Library / Machine Image: VM is configured with the appropriate security policy.
4. Hypervisor / Configured Machine Image / Virtual Machine: virtual machine image provisioned behind FW / IPS.
5. Host security installed and updated.
6. SW Catalog (Config, Binaries): software patches applied and up to date.

Security components involved: Identity & Access Management, Security Information & Event Management, Endpoint Management, Threat & Intrusion Prevention.

Slide 16: One component in detail: Security Information and Event Management

Slide 17: Security Component Model - Cloud Enabled Data Center

The same security component model as slide 12 (Security Intelligence, Analytics and GRC; People; Data; Applications; Infrastructure, which includes server, network and storage), applied to the Cloud Enabled Data Center pattern.

Slide 18: Generic security service catalog for Security Operations

Risk and Compliance
- Compliance Management: Compliance Reporting, Compliance Controlling, Records Management, Supervisory Services
- Risk Management: Risk Reporting, Risk Identification, Fraud Detection
- Evidence Management: Digital Forensics
- Analytics Services: Security & Compliance Dashboard

Threat and Vulnerability Management
- Vulnerability Management: Vulnerability Discovery, Vulnerability Analysis, Vulnerability Remediation
- Security Information and Event Management: Security Log Collection & Normalization, Security Event Correlation & Normalization, Security Monitoring and Alerting, Security Problem and Incident Response
- Threat Management: Threat Identification, Threat Analysis, Threat Mitigation, Security Threat and Vulnerability Research, Security Intelligence

IT Service Management
- Incident and Problem Management
- Asset Management: Asset Administration

Slide 19: Practical example: SIEM across hybrid cloud deployments

Workloads deployed in private virtual environments (OpenStack):
- OpenStack Audit (CADF): a "filter" in the Core API Layer audits all OpenStack API calls and emits CADF events.
- Ceilometer: usage / performance monitoring plus auditing "datastores".

Public Cloud Services:
- AWS CloudTrail.

Both the CADF audit stream from the private cloud and the CloudTrail records from the public cloud are fed into the SIEM so that events from either side can be correlated.
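The log collection, normalization and correlation steps from slides 18 and 19, as an added example that is not IBM's code or part of the deck: it folds an OpenStack CADF audit event and AWS CloudTrail records into one schema and then counts authentication failures per source IP across both clouds. The field names follow the published CADF and CloudTrail formats; the sample events are constructed.

```python
"""Normalize OpenStack CADF audit events and AWS CloudTrail records into one
schema, then correlate authentication failures across both clouds.
Added example; the events below are constructed, not captured data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed samples: one Keystone CADF "authenticate" failure and two
# CloudTrail ConsoleLogin failures, all from the same source address.
CADF_EVENTS = [
    {"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
     "eventType": "activity", "eventTime": "2014-05-01T10:00:05.000000+0000",
     "action": "authenticate", "outcome": "failure",
     "initiator": {"typeURI": "service/security/account/user", "id": "alice",
                   "host": {"address": "203.0.113.7"}},
     "target": {"typeURI": "service/security/account/user"}},
]
CLOUDTRAIL_RECORDS = [
    {"eventVersion": "1.02", "eventTime": "2014-05-01T10:00:20Z",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventVersion": "1.02", "eventTime": "2014-05-01T10:00:41Z",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"}},
]

def _parse_time(ts):
    # CADF stamps end in "+0000" with microseconds, CloudTrail in "Z";
    # both are reduced to a naive UTC datetime for comparison.
    ts = ts.replace("Z", "+0000").split("+")[0].split(".")[0]
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")

def normalize_cadf(ev):
    init = ev.get("initiator", {})
    return {"source": "openstack", "time": _parse_time(ev["eventTime"]),
            "actor": init.get("id"), "src_ip": init.get("host", {}).get("address"),
            "action": ev["action"], "outcome": ev["outcome"]}

def normalize_cloudtrail(rec):
    login = rec.get("responseElements", {}).get("ConsoleLogin", "")
    failed = login == "Failure" or "errorCode" in rec
    is_login = rec["eventName"] == "ConsoleLogin"
    return {"source": "aws", "time": _parse_time(rec["eventTime"]),
            "actor": rec.get("userIdentity", {}).get("userName"),
            "src_ip": rec.get("sourceIPAddress"),
            "action": "authenticate" if is_login else rec["eventName"],
            "outcome": "failure" if failed else "success"}

def failed_auth_by_ip(events, window=timedelta(minutes=5), threshold=3):
    """Return {src_ip: set(sources)} for addresses with >= threshold auth
    failures inside `window`, counted across both clouds together."""
    fails = sorted((e for e in events
                    if e["action"] == "authenticate" and e["outcome"] == "failure"),
                   key=lambda e: e["time"])
    by_ip = defaultdict(list)
    for e in fails:
        by_ip[e["src_ip"]].append(e)
    hits = {}
    for ip, evs in by_ip.items():
        for i, first in enumerate(evs):
            run = [x for x in evs[i:] if x["time"] - first["time"] <= window]
            if len(run) >= threshold:
                hits[ip] = {x["source"] for x in run}
                break
    return hits

def correlate(cadf=CADF_EVENTS, cloudtrail=CLOUDTRAIL_RECORDS, threshold=3):
    events = [normalize_cadf(e) for e in cadf] + [normalize_cloudtrail(r) for r in cloudtrail]
    return failed_auth_by_ip(events, threshold=threshold)
```

Neither cloud alone crosses the threshold in this sample; the burst becomes visible only once both streams are normalized into the same SIEM.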
Slide 20: www.ibm.com/security

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.