Building a Secure CloudEnvironment         Practical Planning Guide from Intel
Seven Steps for Planning Cloud Security        1              Start planning early.        2              Identify vulnera...
Step 1: Start Security Planning EarlyThink about the Fundamentals    1 What are the business priorities?    2 Which worklo...
Step 2: Identify VulnerabilitiesSeven Areas of Security Risk    1 Abuse and nefarious use of      cloud services    2 Inse...
Step 2: Identify VulnerabilitiesPhysical Layers at Risk    Growing attack target               Growing attack target      ...
Step 3: Mitigate VulnerabilitiesFour Things an IT Manager Can Do    1              Encrypt data that rests or moves in and...
Step 4: Protect DataSafeguard Data Throughout the Cloud                                                                   ...
Step 5: Secure Your InfrastructureProtect Client, Edge, andData Center Systems                                            ...
Step 6: Enable Compliance MonitoringBuild Higher Assurance into Compliance    Build trusted                       Ensure t...
Step 7: Choose the Right Cloud Service ProviderBuild Security into Your Evaluation     Make sure data and platform securit...
We Have a Lot More to Say aboutCloud Security                                                  •	 Read the planning guide,...
LegalThe information in this document is provided only for educational purposes and for the convenience of Intel customers...
Cloud Security Checklist and Planning Guide Summary
Upcoming SlideShare
Loading in …5
×

Cloud Security Checklist and Planning Guide Summary

2,710 views

Published on

A summary of the cloud security checklist and practical planning guide to help integrate security planning into cloud computing initiatives—from data center to endpoint devices. Includes encryption, infrastructure security, and trusted compute pools.

Published in: Technology
  • Be the first to comment

Cloud Security Checklist and Planning Guide Summary

  1. 1. Building a Secure CloudEnvironment Practical Planning Guide from Intel
  2. 2. Seven Steps for Planning Cloud Security 1 Start planning early. 2 Identify vulnerabilities. 3 Mitigate vulnerabilities. 4 Protect data. 5 Secure infrastructure. 6 Enable compliance monitoring. 7 Choose the right cloud service provider.2 INTEL IT CENTER | Peer Research
  3. 3. Step 1: Start Security Planning EarlyThink about the Fundamentals 1 What are the business priorities? 2 Which workloads do you want to move to the cloud? 3 How sensitive is the data? 4 What cloud delivery model works best? 5 What about compliance? 6 How will the data flow? 7 How will users access data and applications?3 INTEL IT CENTER | Peer Research
  4. 4. Step 2: Identify VulnerabilitiesSeven Areas of Security Risk 1 Abuse and nefarious use of cloud services 2 Insecure interfaces and APIs 3 Multitenancy and shared technology issues 4 Data loss or leakage 5 Account or service hijacking 6 Malicious insiders 7 “Unknown” risks4 INTEL IT CENTER | Peer Research
  5. 5. Step 2: Identify VulnerabilitiesPhysical Layers at Risk Growing attack target Growing attack target Emerging attack target Desktops, laptops, and Web servers, portal servers, Virtualization, database other mobile devices. e-mail servers, bridges, and management, and storage routers. infrastructure.5 INTEL IT CENTER | Peer Research
  6. 6. Step 3: Mitigate VulnerabilitiesFour Things an IT Manager Can Do 1 Encrypt data that rests or moves in and out of both private and public clouds. Control access by managing identities and manage 2 API control points at the network edge. 3 Establish trusted compute pools to secure data center infrastructure and protect clients. 4 Build higher assurance into compliance to streamline auditing and increase visibility into your cloud.6 INTEL IT CENTER | Peer Research
  7. 7. Step 4: Protect DataSafeguard Data Throughout the Cloud Data loss Accelerate and Accelerate secure Reduce data loss strengthen encryption connections through data loss prevention so that the performance for transferring encrypted (DLP) policies that proactively penalty is virtually data. detect threats, identify eliminated, paving the potential fraud, and avoid way for pervasive unauthorized data transfer. encryption.7 INTEL IT CENTER | Peer Research
  8. 8. Step 5: Secure Your InfrastructureProtect Client, Edge, andData Center Systems Strong Role Foundational Role Small Role 44% 1% Create secure clients Protect edge systems at Create a secure data center to ensure that only the API level infrastructure authorized users can where external software with hardware-based access the cloud and to interacts with the cloud technologies that build trust guard endpoint devices environment. between servers and between against rootkit and servers and clients. other low-level malware attacks. Total (n=200) 57% 37% 6 Already deployed (n=79) 62% 32% 68 INTEL IT CENTER | Peer Research
  9. 9. Step 6: Enable Compliance MonitoringBuild Higher Assurance into Compliance Build trusted Ensure the continued Support audit and security compute pools trustworthy status management of servers, which form of compute pools with by making trusted pool the foundation for routine integrity checks. integrity checks available to compliance in both public policy management, security and private clouds. information and event manager, and governance, risk management, and compliance solutions.9 INTEL IT CENTER | Peer Research
  10. 10. Step 7: Choose the Right Cloud Service ProviderBuild Security into Your Evaluation Make sure data and platform security are built into any offering. Establish measurable, enforceable service level agreements (SLAs) for verification. Search for cloud providers with Intel ® Cloud Finder based on key security and other criteria. Review the Security Considerations Checklist.10 INTEL IT CENTER | Peer Research
  11. 11. We Have a Lot More to Say aboutCloud Security • Read the planning guide, Cloud Security: Seven Steps for Building Security in the Cloud from the Ground Up. • Review proven cloud security reference architectures at Intel Cloud Builders. • Streamline the cloud service provider selection process at Intel Cloud Finder. • Learn more about cloud security at intel.com/cloudsecurity. Intel.com/ITCenter11 INTEL IT CENTER | Peer Research
  12. 12. LegalThe information in this document is provided only for educational purposes and for the convenience of Intel customers. The information contained hereinis subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to anyspecific situation or circumstance. This presentation is for informational purposes only. THIS DOCUMENT IS PROVIDED “AS IS” WITH NO WARRANTIES WHATSOEVER, INCLUDING ANYWARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OFANY PROPOSAL, SPECIFICATION, OR SAMPLE. Intel disclaims all liability, including liability for infringement of any property rights, relating to use of thisinformation. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted herein.Copyright © 2012 Intel Corporation. Intel, the Intel logo, Intel Sponsors of Tomorrow., and the Intel Sponsors of Tomorrow. logo are trademarks of IntelCorporation in the U.S. and other countries.12 INTEL IT CENTER | Peer Research

×