Security of the Cloud

According to Forrester, security is one of the top barriers to cloud computing. While cloud computing increases business agility, scalability, and efficiency, it also introduces new security risks and concerns in areas such as increased attack surface, ownership/responsibilities and shared environments. This presentation will outline the complex challenges and how Cisco cloud security offerings help customers take a strategic and architectural approach to cloud adoption. Also, find out how Cisco cloud security solutions dovetail with Cisco Data Centre and Borderless Networks services to deliver high performance and operational simplicity.

Published in: Technology, Business


  1. Security of the Cloud. John Johnson, PSN Solutions Architect. Date: 19th October 2011. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
  2. Next Steps, Problems, Solutions
  4. Cloud Hype: Cloud Computing, Grid Computing, Cluster Computing
  5. Visual Model of NIST’s Working Definition; Pros & Cons of Cloud Computing. Essential Characteristics: Measured Service, Rapid Elasticity, Broad Network Access, On-Demand Self Service, Resource Pooling. Service Delivery Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS). Deployment Models: Public, Private, Hybrid, Community. CLOUD: Common implies multi-tenancy; Location-independent; Online; Utility implies pay-for-use pricing; Demand implies ~infinite, ~immediate, ~invisible scalability. Sources: http://www.csrc.nist.gov/groups/SNS/cloud-computing/index.html, http://blogs.zdnet.com/Hinchcliffe
  6. Internet. Cloud Security Services: Email, Web, Secure Mobility
  7. Cloud Security Services. Public Cloud. Securing Cloud Access. Chris Hoff
  8. Virtualized App Servers. Private Cloud. Cloud Security Services. Securing Cloud Access. Security Cloud Infrastructure. Chris Hoff
  10. CSA: Security Guidance for Critical Areas of Focus in Cloud Computing. Cloud Computing Architectural Framework. Governing in the Cloud: Governance & Enterprise Risk Management; Legal & eDiscovery; Compliance and Audit; Data Life Cycle Management; Portability & Interoperability. Operating in the Cloud: Traditional Security; Data Center Operations; Incident Response; Virtualization; Identity & Access Management; Application Security; Encryption & Key Management
  11. Cloud Risk Domains (SaaS, PaaS, IaaS): 1. Data Security – Ownership; 2. Identity Access Control; 3. Insider Abuse & Privilege; 4. Internet Threats; 5. Compliance; 6. Service Location; 7. Availability; 8. Monitoring. Group labels: Information Security; IT & Business Readiness; Control & Compliance; Availability & Performance
  12. Application, Application Server, Middleware, Database, Operating System, Hypervisor, CPU, Networking, Storage, Backup, YOUR DATA, Datacenter (Power, Cooling, Physical Security). Consumer Responsibility; Providers Responsibility
  13. Application, Application Server, Middleware, Database, Operating System, Hypervisor, CPU, Networking, Storage, Backup, YOUR DATA, Datacenter (Power, Cooling, Physical Security). Consumer Responsibility; Providers Responsibility
  14. Application, Application Server, Middleware, Database, Operating System, Hypervisor, CPU, Networking, Storage, Backup, YOUR DATA, Datacenter (Power, Cooling, Physical Security). Consumer Responsibility; Providers Responsibility
  16. Cloud Standards Coordination Compliance Targeted Trust Facilitation Mechanisms
  18. (1) Identity and Access Management; (2) Data Loss Prevention; (3) Web Security; (4) Email Security; (5) Security Assessments; (6) Intrusion Management; (7) Security Information and Event Management; (8) Encryption; (9) Business Continuity and Disaster Recovery; (10) Network Security. Source: https://cloudsecurityalliance.org/research/working-groups/security-as-a-service/
  19. Email SaaS: Cisco IronPort Email Security Services. Providing industry-leading email security with choice: Cloud • Hybrid • Managed. (1) Inbound Hygiene: removes spam and viruses; (2) Pass Clean Email; (3) Outbound Control: apply DLP and encryption policies. Key Service Attributes: dedicated infrastructure, co-managed access, centralized tracking & reporting. Diagram labels: Customer, Data Centers
  20. Web SaaS: Cisco ScanSafe Web Security Services. Delivering market-leading web security & visibility. (1) Cloud redirection: web traffic is forwarded directly to the cloud; (2) Policy Enforcement: all outbound traffic is passed through defined policy; (3) Malware Protection: content analysis to detect and block all malware. Anti-Malware, Web Filters, Application Controls. Key Service Attributes: zero day malware protection, multi-tenant infrastructure, on-demand capacity
  21. Form Factor Choice: common functionality. Split Services: DLP, SIEM integration. Simplified Deployment: easily leverage the cloud. Diagram labels: Corporate User, Roaming User, ScanSafe, IronPort WSA, Transparent Redirect, AnyConnect, ISR or ASA
  22. Always On, Always Secure, Always Simple. Diagram labels: Mobile User, Internet Café
  25. Deep Content Analysis, Structural Content Investigation, Virtualized Script Emulation
  26. Deep Content Analysis, Structural Content Investigation, Virtualized Script Emulation
  27. Identified: Malicious Malware Content: redirect Obfuscated Javascript Content: PDF Scanning Tower: 133b 22d Requests Server: 93a2 421h6 Action: Blocked. Deep Content Analysis, Structural Content Investigation, Virtualized Script Emulation
  28. Attributes: detailed visibility, complete flexibility, real-time data, results in seconds, all data stored in the cloud. User Behavior Analysis, Business Intelligence Insight, Forensic Report Generation
  30. [Chart: Number of SaaS Services Rendered by Year, Early 2000s to 2010]
  31. Corporate Office, Branch Office, Home Office. Cisco IronPort Web Security Appliance / SaaS Gateway. AnyConnect Secure Mobility Client. User Directory. No Direct Access. Visibility | Centralized Enforcement | Single Source Revocation
  34. Virtualized Multi-Tenant Data Center Smart Business Architecture (SBA) SecureX architecture Small Business Pro Foundation (SBPF) Solution 2.x (VMDC) Secure Network Foundation (SNF) • Next-Generation, Context-aware Security Architecture • Focus on end-to-end secure network, / SP) upon Enterprise class portfolio • Builds cloud providers (Enterprise built • Recommends Enterprise/SP class security • Basic Network Security (Firewall, IPS, VPN) Offering services in the network Client Recommended Security Solutions • TrustSec / Anyconnect Secure Mobility can be done TODAY and solutions Nexus 1000V, Virtual Security Gateway, • • • Cisco: ASA Firewall independent would be OS with SecureX module • FWSM, ACE, ASA, Nexus 1000v • SA 500 / SR 520 (SBPF) • 3rd party: vShield, NetApp vFiler • ISR / ASA (SNF)
  35. Cloud Services / Applications (including the software to automate / orchestrate the software / application). Cloud Infrastructure Orchestration / Management: Orchestration Software; Infrastructure Abstraction / Management Software; Assurance Software. DCI / Hybrid: Data Center Interconnect. Cloud Services Infrastructure (aka VMDC): Scalable, Multi-Tenant L2/3 DC Networking; Security Features, L4-7 Services (Integrated); Integrated Compute Stack – Vblock, FlexPod, etc.
  36. [Diagram: VMs attached to Nexus 1000V Distributed Virtual Switch with vPath; VSG; Ready for upgrade]
  38. Enabling Providers to offer trusted Cloud solutions & services. Tailored Solutions for Building Clouds: enable customers to build and operate public or private clouds. Rich Ecosystem with Integrated Solutions: enable customers to deploy tested, best of breed solutions. Accelerate the Use of Cloud Services: enable customers to deploy cloud services to collaborate and secure their business. Logos: Research In Motion, SAMSUNG
  39. Thank you.