Giants Face-Off ShaharMaor’swork Copyright 2010 @STKI Do not remove source or attribution from any graphic or portion of graphic 7
Application Delivery: What is the Pressure? Globalization: Pushing business process to the network’s edge Centralization / Consolidation:Compliance, control, Cost cutting, Security, Efficiencies / resource utilization Enterprise & WebMonsterApplication:Architectures, Increased adoption of browser-based apps, Rich clients (AJAX), Web 2.0 technologies, SOA Service Provider Services Architectures: Next Generation Networks, Video, Messaging
Network Operations and Monitoring: What is the Pressure? Complexity!
Solutions??? Cloud Computing
Cloud delivery models Enterprise Traditional Enterprise IT Public Clouds Private Cloud Hybrid Cloud Public Cloud IT activities/functions are provided “as a service,” over the Internet
Private Cloud IT activities/functions are provided “as a service,” over an intranet, within the enterprise and behind the firewall
Key features include:
Hybrid Cloud Internal and external service delivery methods are integrated, with activities/functions allocated to based on security requirements, criticality, architecture and other established policies. Source: IBM Market Insights, Cloud Computing Research, July 2009.
The public cloud layers Source: GS http://blogs.zdnet.com/BTL/?p=28476
Enterprise Benefits from Cloud Computing Capability From To Cloud accelerates business value across a wide variety of domains. Legacy environments Cloud enabled enterprise Source: IBM
Requirements for Cloud Services Multitenant. A cloud service must support multiple, organizationally distant customers. Elasticity. Tenants should be able to negotiate and receive resources/QoSon-demand. Resource Sharing. Ideally, spare cloud resources should be transparently applied when a tenant’s negotiated QoS is insufficient, e.g., due to spikes. Horizontal scaling. It should be possible to add cloud capacity in small increments; this should be transparent to the tenants of the service. Metering. A cloud service must support accounting that reasonably ascribes operational and capital expenditures to each of the tenants of the service. Security. A cloud service should be secure in that tenants are not made vulnerable because of loopholes in the cloud. Availability. A cloud service should be highly available. Operability. A cloud service should be easy to operate, with few operators. Operating costs should scale linearly or better with the capacity of the service.
How Does Cloud Computing Affect the “Security Triad”?
Cloud Risk Assessment NETWORK MANAGEMENT Probability INSECURE OR INEFFECTIVE DELETION OF DATA ISOLATION FAILURE CLOUD PROVIDER MALICIOUS INSIDER - ABUSE OF HIGH PRIVILEGE ROLES MANAGEMENT INTERFACE COMPROMISE (MANIPULATION, AVAILABILITY OF INFRASTRUCTURE) LOSS OF GOVERNANCE COMPLIANCE CHALLENGES RISK FROM CHANGES OF JURISDICTION Impact http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/
Cloud Regulations & Recommendations No regulations so far…. Some sources of information and recommendations: Security Guidance for Critical Areas of Focus in Cloud Computing, V2.1 ENISA Cloud Computing Risk Assessment OECD -Cloud Computing and Public Policy World Privacy Forum Privacy In The Clouds Report NIST -Effectively and Securely Using the Cloud "Cloud Computing Security: Raining On The Trendy New Parade," BlackHat AWS Security Whitepaper
Security in the Cloud: Email Security- Israeli Market Positioning 1Q10 Hosted/Cloud Solutions: Google (Postini) Microsoft (Forefront) Symantec (MessageLabs) Cisco (Ironport) McAfee (MX Logic) Cisco Player Local Support Symantec Worldwide Leader Fast Movement PineApp Trend Micro Microsoft McAfee This analysis should be used with its supporting documents Mirapoint SafeNet Websense Market Presence
Secure Web-Gateway- Israeli Market Positioning 1Q10 Solutions to Watch: Microsoft (TMG) Zscaler BlueCoat Player Websense Local Support Worldwide Leader Fortinet Fast Movement Cisco Symantec Trend Micro SafeNet This analysis should be used with its supporting documents McAfee Market Presence