Cloud Security

Javier Liendo, Security Consultant for Cisco México / Grupo Dice
Congreso Mundo Contact Mexico 2012

  1. Javier Liendo, CSE Security, jaliendo@cisco.com. Mexico City, May 15th, 2012. C97-694080-00 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
  2. Agenda:
      • Cloud Security – What’s changed?
      • Cloud Threats – What are new threats specific to cloud?
      • Cisco Cloud Security
  3. “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
  4. Service models:
      • Cloud Software as a Service (SaaS): use provider’s applications over a network
      • Cloud Platform as a Service (PaaS): deploy customer-created applications to a cloud
      • Cloud Infrastructure as a Service (IaaS): rent processing, storage, network capacity, and other fundamental computing resources
  5. Deployment models:
      • Private cloud: enterprise owned or leased, may reside on or off premise
      • Community cloud: shared infrastructure for specific community with common concerns/goals
      • Public cloud: sold to the public, mega-scale infrastructure
      • Hybrid cloud: composition of two or more clouds
  6. [Diagram: who controls security in each cloud model]
      • Column labels: Hosted/Private, Private Cloud, Virtual Cloud, Public Cloud, Public Cloud; (IaaS), (IaaS), (IaaS), (SaaS)
      • Stack layers shown in every column: Data, App, VM, Server, Storage, Network
      • Security control labels: “IT is in control”, “Shared control”, “‘They’ are in control”
  7. Old versus new security model:
      • Old: Protect the Perimeter. New: Protect the Data (and Application); Protect the Hypervisor
      • Old: Place it in the right security zone. New: VMs in motion need to move with ‘attached’ security policy
      • Old: Zones are static. New: Zones are dynamic and on the move!
      • Old: Machine to machine traffic can be seen on ‘the wire’. New: Virtualization means machine to machine traffic never leaves the host
      • Old: Trust the ‘insider’. New: Pervasive Distrust
      • Old: Dedicated is secure. New: Any shared resources need security scrutiny
  8. Experience, Agility, Economics, Security
  9. [Diagram labels: Policy; Corporate Border; Applications and Data; Corporate Office; Branch Office; Attackers; Partners; Customers]
  10. [Diagram labels: Policy; Corporate Border; Applications and Data; Platform as a Service; Infrastructure as a Service; Software as a Service; X as a Service; Corporate Office; Branch Office; Home Office; Airport; Mobile User; Coffee Shop; Attackers; Partners; Customers]
  11. [Diagram labels: Policy; Corporate Border; Applications and Data; Platform as a Service; Infrastructure as a Service; Software as a Service; X as a Service; Corporate Office; Branch Office; Home Office; Airport; Mobile User; Coffee Shop; Attackers; Partners; Customers]
  12. [Architecture diagram with three numbered areas]
      • 1, Cloud Customer: policy management, access control, threat defense, DLP
      • 2, Public Cloud: threat defense, secure multitenancy, secure communications
      • 3, Private Cloud: secure multitenancy, separation of duties, data protection
      • Other labels: VDC1, VDC2, vPC; Cisco® ScanSafe and Cisco IronPort® (Email, Web Security); Internet; Campus; IPsec/SSL; Cisco Security Intelligence Operations (SIO); Active Directory; Cisco Identity Services Engine; Cisco VXI; Cisco AnyConnect™; Cisco UCS™; Cisco TrustSec®; Cisco ASA 1000V; Cisco VSG; Cisco ASA 5585-X; VMs; Virtualization; Hypervisor
  13. Cisco cloud security portfolio:
      • Secure Cloud Infrastructure: Cisco ASA 5585; ASA SM; ASA1000V; Cisco Nexus® 1000V switch; Cisco Virtual Security Gateway
      • Cloud Security as a Service: Cisco ScanSafe Web Security and Filtering; Cisco IronPort® Cloud, Managed, and Hybrid Email Security
      • Secure Cloud Access: Secure SaaS access; Cisco AnyConnect™; Cisco TrustSec®; Cisco Identity Services Engine; VPN; Cisco SIO
      • Related AS Security Services: Secure Cloud Discovery Service; Security PDI; IT-GRC Services
  14. Agenda:
      • Cloud Security – What’s changed?
      • Cloud Threats – What are new threats specific to cloud?
      • Cisco Cloud Security
  15. Thank you.