Rob Rowlingson, Principal Security Researcher at BT Research and Technology, gave this presentation at the EIT ICT Labs Interactive Cloud Clinic event.

1. ©British Telecommunicationsplc
TemplateVersion1.2
Future Cloud Action
Line
High Impact Initiative

2. ©British Telecommunicationsplc
TemplateVersion1.2
BT Assure. Security that matters
Rob Rowlingson
Principal Security Researcher, BT Research & Technology
Contact: robert.rowlingson@bt.com
BT Cloud Enterprise Service Store
with Intelligent Protection

3. ©British Telecommunicationsplc
TemplateVersion1.2
Motivation: CIO dilemma: cloud vs. visibility & control
You have to:
Protect IT assets against
cyber-threats
Account for security
incidents.
I worry about:
My privacy
Loss of my data
The integrity of transactions
Harmful cloud applications
Cloud is cheap – use it now!
Security is too expensive – find a way around it …
I guarantee the
infrastructure & platform
You protect your
applications and data
Every cloud journey is
a new security project
• Migration
assessment
• Risk Analysis
Architecture
• Integration costs
• Operational costsSecurity Consultant
Cybercrime thrives on application/data/
platform/infrastructure
security gaps
Confused
CIO
End-User
CFO
Cloud Provider
Cloud adoption will always be limited until the
application/data/infrastructure security & governance gap is filled
Cloud providers consider application & data protection to be beyond their concern
Complicated and expensive for users to protect assets on public or hybrid clouds
Cloud users have little visibility or control of how their assets are protected in the cloud

4. ©British Telecommunicationsplc
TemplateVersion1.2
Why Work with BT?
• BT Cloud Compute
– Exposure via a global cloud service
– 16 platforms, 4 continents, 45 data centres
– 4 global customer service centre hubs and 22 satellite
centres
– operating 24/7 and serving businesses in 198 countries.
• HII Trusted Ecosystem Accelerator (3rd Party
Ecosystem)
• ‘Intelligent Protection’ for your Applications
• New market opportunities for Cloud services
• Close collaboration with BT Research and Innovation

5. ©British Telecommunicationsplc
TemplateVersion1.2
Common Capabilities for Cloud Service Stores:
basic ecosystem definition
5
Cloud-based On-premise
Fully managed
Self-managed

6. Automatic Application Protection
6
• During Application Provisioning, Customers / Tenants:
• Purchase Intelligent Protection License for the required Security Modules
(Firewall, Anti-Malware, Intrusion Detection, Integrity Monitoring, Log Inspection)
• Select an Application from the Application Market Place.
• Automatically Protect deployed Application with selected Host Security Options.
Protected Application Provisioning

7. ©British Telecommunicationsplc
Slide 7
Cloud portal
Intelligent Protection
Security Dashboard
Core strengths & innovative features
• In flight intrusion prevention, no down time
• Comprehensive security solution: Virtual firewall, IPS, Security Patch management, Anti-malware
• 360o Protection of customer applications
• Build for Cloud/VDC- hypervisor level security, more effective, easier to integrate into the cloud
• Supports physical servers & computers devices – agents can be deployed on physical or virtual hosts
BT Intelligent Protection

8. BT Intelligent Protection
High-Level Architecture
8

9. Automated Data Protection in the Cloud
IaaS/PaaS edition
9
Via the dashboard/portal, users can:
1. Attach, detach, encrypt or share encrypted data volumes, file-system directories
and data objects (e.g. files) with 3-clicks in <2min.
2. Define context (location/time/ownership/security-level)–based data access
3. Access a personalised secure key-store hosted by BT (on premise variants are
also available on request)
It is fully validated on BT Cloud and partly on 3rd parties (Amazon). Trials show
<10% overhead of encrypted storage operations,
<5% overhead to provisioning time of unprotected VMs

10. ©British Telecommunicationsplc
TemplateVersion1.2
Overview of Trusted Cloud Digital Service Store:
indicative user journeys
General Use of
Digital Market
Place
Application Store Catalogue
Infrastructure Store Catalogue
STaaS Catalogue
On-board an Application
Design a new workload
Deploy an application
Infrastructure Use Deploy Apps in internal cloud (Cloud
Platform, OpenStack, etc.)
Deploy Apps in public cloud Amazon
EC2, Azure, BT Compute)
Use object storage (STaaS) and
Encryption as a Service
Use of “Horizontal”
Cloud/Cyber
Security Services
Application and Host protection: Protect applications in multiple clouds via
Intelligent Protection
Data protection (Encryption) as a Service: Encrypt files and virtual volumes in the
cloud
Email filtering as a Service: Email server purchased via the Appstore
External email server

11. Use in R&D, trials and production
• Exposure via a global
cloud service
• 16 platforms across 4
continents
• 45 data centres
• 4 global customer service
centre hubs and 22
satellite centres
• operating 24/7 and serving
businesses in 198
countries.
Incorporated into BT
Cloud Compute
release roadmap as
a value-add feature
• UK:
•London Borough of Camden
•Italy:
•City of Genoa
•Serbia:
•Strati-Grand, Belgrade
•Exposure to 2000 users of
public services
•Enable secure consumption of
public services across European
regions
Baseline technology
for governmental
cloud pilots
•Part of Trusted Cloud
Platform - EIT ICT Labs High
Impact Initiative
•To be exposed to UK SMEs for
as a co-innovation platform
by the ICT Catapult in the UK
•Platform of choice for future
research on cyber-security
attack analysis and
prevention by Imperial
College London – UK Global
Uncertainties programme
Baseline platform
for Trusted Cloud
innovation by SMEs

12. New customer experience
• Make security management integral part of cloud application assemblyFusion
• integrity &security functions become managed parameters
• while the form and coverage of the functions automatically adjust to user
selection.
Uniformity and
Customisation
• “click-to-buy” security services
• “click-to-build” secure applications in less than 5 clicks.
Automation
•automatic generation of recommended security policy
• based on vulnerability analysis of the application stack, cloud
characteristics, user preferences and desired business impact levels;
Versatility
•one cloud-based service securing applications and data on multiple
private and public cloud infrastructures and platformsUniversality
• Automatically generated customisable security dashboard per user
•Unifying view of the security state of user’s applications on any cloud
Visibility
• enables enforcing a common security policy to
•all instances of an application on multiple cloud environments.
Control
Simplified customer experience through a market place, and a service and security
management dashboard. Eliminates costs and risks of deployment, integration and
management of complex security software or appliances.

13. SummaryFusion
Make security
management integral
part of cloud data &
application assembly
Ubiquity
integrity &security
functions become
managed parameters
Automated
“click-to-buy” security services
“click-to-build” secure data &
applications in less than 5
clicks.
Versatile
automatic generation
of recommended
security policy
Universal
one service protecting
applications and data on
multiple clouds
VisibilityUnifying view of the
security state of user’s
applications on any cloud
Control
enables enforcing a common
enterprise security policy
across clouds
Exposure in production via a
global cloud service
(BT Cloud Compute)
Exposure to 2000
users of public services
UK Research & Development
Product Development
Core Service operations
“The benefit has been in convincing the
customer that Security is not just in our
DNA, it's something that they can embed in
their DNA with a single click!” David Cairns,
Principle Solutions Architect, BT Cloud Compute