The security measures discussed in this IBM Redpapers™ publication represent best practice implementations for cloud security. In this paper, we presented guidance on cloud computing security. We examined the major security challenges for cloud providers and their clients, and we discussed concrete guidelines for the implementation of cloud security
Microsoft Cloud GDPR Compliance Options (SUGUK)Andy Talbot
Recently, Microsoft introduced Microsoft 365, which brings together Office 365, Windows 10, and Enterprise Mobility + Security. We’ll explore what this combination of products means for an organisation looking to ensure GDPR compliance and additional Office 365 products that you can layer to help you meet your obligations.
Azure Arc offers simplified management, faster app development, and consistent Azure services. Easily organize, govern, and secure Windows, Linux, SQL Server, and Kubernetes clusters across data centers, the edge, and multicloud environments right from Azure. Architect, design, and build cloud-native apps anywhere without sacrificing central visibility and control. Get Azure innovation and cloud benefits by deploying consistent Azure data, application, and machine learning services on any infrastructure.
Gain central visibility, operations, and compliance
Centrally manage a wide range of resources including Windows and Linux servers, SQL server, Kubernetes clusters, and Azure services.
Establish central visibility in the Azure portal and enable multi-environment search with Azure Resource Graph.
Meet governance and compliance standards for apps, infrastructure, and data with Azure Policy.
Delegate access and manage security policies for resources using role-based access control (RBAC) and Azure Lighthouse.
Organize and inventory assets through a variety of Azure scopes, such as management groups, subscriptions, resource groups, and tags.
Learn more about hybrid and multicloud management in the Microsoft Cloud Adoption Framework for Azure.
One of the biggest announcements at the Microsoft Ignite 2019 is Azure Arc – the hybrid and multi-cloud platform from Microsoft.
View this content to learn how Azure Arc allows enterprises to manage on-prem and cloud resources like Windows VMs, Linux Servers, Kubernetes clusters, and Azure data services by centrally organizing and governing from a single place.
Azure Tutorial For Beginners | Microsoft Azure Tutorial For Beginners | Azure...Simplilearn
This presentation about Azure for beginners will help you understand what is cloud computing, what is Microsoft Azure, what are the services Azure offers, why is Azure better, which companies use Azure and you will also see a use case where we utilize some of the Azure cloud services. Cloud computing refers to the method of using the internet to store data, manage data and process data and Microsoft Azure is on such cloud service provider. It works on the basis of cloud computing. Microsoft Azure is a set of cloud services to build, manage and deploy applications on a network with the help of tools and frameworks. With the vast majority of organizations the world over adopting the cloud, demand for skilled professionals in this field is high. High salaries and a vast range of options for cloud computing experts have made it a sought-after industry for IT professionals. Now, let us get started and understand what is Microsoft Azure and the services that it has got to offer us.
Below topics are explained in this Azure presentation for beginners:
1. What is cloud computing?
2. What is Microsoft Azure?
3. What are the services Azure offers?
4. Why is Azure better?
5. Which companies use Azure?
6. Microsoft Azure Demo
About Simplilearn Machine Learning course:
Simplilearn's Developing Microsoft® Azure Solutions (70-532) certification training program is designed to give you mastery in Microsoft Azure enterprise-grade cloud platform. Through demos & practical applications, you’ll learn to design, develop, implement, automate, and monitor resilient and scalable cloud solutions on the Azure platform. The course will enable you to explore Microsoft Azure development environment and Azure platform features and learn development tools, techniques and approaches used to build and deploy cloud apps.
What skills will you learn from this Azure certification training course?
By the end of this Azure certification course, you will be able to:
1. Design and implement Web Apps
2. Create and manage virtual machines
3. Design and implement cloud services
4. Design and implement a storage strategy
5. Manage application and network services
Who should take up this Microsoft Azure certification training course?
This course is an essential requirement for those developers who need a strong understanding of concepts and practices related to cloud app development & deployment. Applicable careers include:
1 .NET Developers
2. Solution Architects/ Team Leads
3. DevOps Engineers / Application Engineers / QA Engineers
Learn more at https://www.simplilearn.com/cloud-computing/microsoft-azure-fundamentals-training
Microsoft Cloud GDPR Compliance Options (SUGUK)Andy Talbot
Recently, Microsoft introduced Microsoft 365, which brings together Office 365, Windows 10, and Enterprise Mobility + Security. We’ll explore what this combination of products means for an organisation looking to ensure GDPR compliance and additional Office 365 products that you can layer to help you meet your obligations.
Azure Arc offers simplified management, faster app development, and consistent Azure services. Easily organize, govern, and secure Windows, Linux, SQL Server, and Kubernetes clusters across data centers, the edge, and multicloud environments right from Azure. Architect, design, and build cloud-native apps anywhere without sacrificing central visibility and control. Get Azure innovation and cloud benefits by deploying consistent Azure data, application, and machine learning services on any infrastructure.
Gain central visibility, operations, and compliance
Centrally manage a wide range of resources including Windows and Linux servers, SQL server, Kubernetes clusters, and Azure services.
Establish central visibility in the Azure portal and enable multi-environment search with Azure Resource Graph.
Meet governance and compliance standards for apps, infrastructure, and data with Azure Policy.
Delegate access and manage security policies for resources using role-based access control (RBAC) and Azure Lighthouse.
Organize and inventory assets through a variety of Azure scopes, such as management groups, subscriptions, resource groups, and tags.
Learn more about hybrid and multicloud management in the Microsoft Cloud Adoption Framework for Azure.
One of the biggest announcements at the Microsoft Ignite 2019 is Azure Arc – the hybrid and multi-cloud platform from Microsoft.
View this content to learn how Azure Arc allows enterprises to manage on-prem and cloud resources like Windows VMs, Linux Servers, Kubernetes clusters, and Azure data services by centrally organizing and governing from a single place.
Azure Tutorial For Beginners | Microsoft Azure Tutorial For Beginners | Azure...Simplilearn
This presentation about Azure for beginners will help you understand what is cloud computing, what is Microsoft Azure, what are the services Azure offers, why is Azure better, which companies use Azure and you will also see a use case where we utilize some of the Azure cloud services. Cloud computing refers to the method of using the internet to store data, manage data and process data and Microsoft Azure is on such cloud service provider. It works on the basis of cloud computing. Microsoft Azure is a set of cloud services to build, manage and deploy applications on a network with the help of tools and frameworks. With the vast majority of organizations the world over adopting the cloud, demand for skilled professionals in this field is high. High salaries and a vast range of options for cloud computing experts have made it a sought-after industry for IT professionals. Now, let us get started and understand what is Microsoft Azure and the services that it has got to offer us.
Below topics are explained in this Azure presentation for beginners:
1. What is cloud computing?
2. What is Microsoft Azure?
3. What are the services Azure offers?
4. Why is Azure better?
5. Which companies use Azure?
6. Microsoft Azure Demo
About Simplilearn Machine Learning course:
Simplilearn's Developing Microsoft® Azure Solutions (70-532) certification training program is designed to give you mastery in Microsoft Azure enterprise-grade cloud platform. Through demos & practical applications, you’ll learn to design, develop, implement, automate, and monitor resilient and scalable cloud solutions on the Azure platform. The course will enable you to explore Microsoft Azure development environment and Azure platform features and learn development tools, techniques and approaches used to build and deploy cloud apps.
What skills will you learn from this Azure certification training course?
By the end of this Azure certification course, you will be able to:
1. Design and implement Web Apps
2. Create and manage virtual machines
3. Design and implement cloud services
4. Design and implement a storage strategy
5. Manage application and network services
Who should take up this Microsoft Azure certification training course?
This course is an essential requirement for those developers who need a strong understanding of concepts and practices related to cloud app development & deployment. Applicable careers include:
1 .NET Developers
2. Solution Architects/ Team Leads
3. DevOps Engineers / Application Engineers / QA Engineers
Learn more at https://www.simplilearn.com/cloud-computing/microsoft-azure-fundamentals-training
Getting started with Azure – Part 1 | TechMeet360BizTalk360
As an initiative by TechMeet360, the Tech Community of BizTalk360, we are conducting an Azure Meetup series. In the first part of the series, Microsoft Azure MVP @Kuppurasu Nagaraj gives a detailed look at getting started with Microsoft Azure Cloud Computing and Azure App Services.
Azure. Cloud for all.
These 4 pillars represent the main value proposition for what differentiates Azure from the competition.
As you can see in the proof points, these are the reason why customers choose Microsoft, because of the unique value that we provide in a productive, hybrid, intelligent, and trusted cloud.
With Azure, you can do—or be—all of these things.
Productive
Get unparalleled developer productivity with integrated tools from mobile DevOps to serverless computing.
Learn about accelerating innovation
Hybrid
Develop and deploy where you want, with the only consistent hybrid cloud on the market. Extend Azure on-premises with Azure Stack.
Learn about our consistent hybrid cloud
Intelligent
Create intelligent apps that delight with data-driven experiences. Go quickly from concept to release with Azure data services and artificial intelligence, from image recognition to bot services.
Learn about intelligent apps
Trusted
Join startups, governments, and 90 percent of Fortune 500s that trust the Microsoft Cloud for security, privacy, transparency, and the most compliance coverage of any cloud provider.
What is Microsoft Azure used for?-Microsoft azure Zabeel Institute
Microsoft Azure, commonly described as Azure, is a cloud computing solution created by Microsoft for building, screening, deploying, and taking care of applications and services through Microsoft-managed data centers.
In early 2019, Microsoft created the AZ-900 Microsoft Azure Fundamentals certification. This is a certification for all individuals, IT or non IT background, who want to further their careers and learn how to navigate the Azure cloud platform.
Learn about AZ-900 exam concepts and how to prepare and pass the exam
Microsoft Azure is an ever-expanding set of cloud services to help your organization meet your business challenges. It’s the freedom to build, manage, and deploy applications on a massive, global network using your favorite tools and frameworks.
Productive
Reduce time to market, by delivering features faster with over 100 end-to-end services.
Hybrid
Develop and deploy where you want, with the only consistent hybrid cloud on the market. Extend Azure on-premises with Azure Stack.
Intelligent
Create intelligent apps using powerful data and artificial intelligence services.
Trusted
Join startups, governments, and 90 percent of Fortune 500 businesses who run on the Microsoft Cloud today.
In early 2019, Microsoft created the AZ-900 Microsoft Azure Fundamentals certification. This is a certification for all individuals, IT or non IT background, who want to further their careers and learn how to navigate the Azure cloud platform.
Learn about AZ-900 exam concepts and how to prepare and pass the exam
Adelaide Global Azure Bootcamp 2018 - Azure 101Balabiju
A one day session that covers all the foundation of Azure services.
Microsoft Cloud Overview - IaaS, PaaS and SaaS
• Microsoft Azure Resource Manager (ARM)
• Microsoft Azure Storage
• Microsoft Azure Virtual Machines
• Microsoft Azure Identity
• Microsoft Azure Backup
Azure Arc is a solution that simplifies management across different hybrid clouds or multi-clouds. Azure Arc extends Azure management and security beyond the walls of Azure to other cloud platforms or on-premises environments enabling you to make use of Azure services to manage infrastructure at these environments. In this session, you will be introduced to Azure Arc, why should you use it and how to make use of it in different scenarios.
This is a brief introduction to Microsoft Azure cloud. I used these slides in an intro session for developers. I did few demos during the session that not included in the slide. Brand name and logos are properties of their respective owners.
Getting started with Azure – Part 1 | TechMeet360BizTalk360
As an initiative by TechMeet360, the Tech Community of BizTalk360, we are conducting an Azure Meetup series. In the first part of the series, Microsoft Azure MVP @Kuppurasu Nagaraj gives a detailed look at getting started with Microsoft Azure Cloud Computing and Azure App Services.
Azure. Cloud for all.
These 4 pillars represent the main value proposition for what differentiates Azure from the competition.
As you can see in the proof points, these are the reason why customers choose Microsoft, because of the unique value that we provide in a productive, hybrid, intelligent, and trusted cloud.
With Azure, you can do—or be—all of these things.
Productive
Get unparalleled developer productivity with integrated tools from mobile DevOps to serverless computing.
Learn about accelerating innovation
Hybrid
Develop and deploy where you want, with the only consistent hybrid cloud on the market. Extend Azure on-premises with Azure Stack.
Learn about our consistent hybrid cloud
Intelligent
Create intelligent apps that delight with data-driven experiences. Go quickly from concept to release with Azure data services and artificial intelligence, from image recognition to bot services.
Learn about intelligent apps
Trusted
Join startups, governments, and 90 percent of Fortune 500s that trust the Microsoft Cloud for security, privacy, transparency, and the most compliance coverage of any cloud provider.
What is Microsoft Azure used for?-Microsoft azure Zabeel Institute
Microsoft Azure, commonly described as Azure, is a cloud computing solution created by Microsoft for building, screening, deploying, and taking care of applications and services through Microsoft-managed data centers.
In early 2019, Microsoft created the AZ-900 Microsoft Azure Fundamentals certification. This is a certification for all individuals, IT or non IT background, who want to further their careers and learn how to navigate the Azure cloud platform.
Learn about AZ-900 exam concepts and how to prepare and pass the exam
Microsoft Azure is an ever-expanding set of cloud services to help your organization meet your business challenges. It’s the freedom to build, manage, and deploy applications on a massive, global network using your favorite tools and frameworks.
Productive
Reduce time to market, by delivering features faster with over 100 end-to-end services.
Hybrid
Develop and deploy where you want, with the only consistent hybrid cloud on the market. Extend Azure on-premises with Azure Stack.
Intelligent
Create intelligent apps using powerful data and artificial intelligence services.
Trusted
Join startups, governments, and 90 percent of Fortune 500 businesses who run on the Microsoft Cloud today.
In early 2019, Microsoft created the AZ-900 Microsoft Azure Fundamentals certification. This is a certification for all individuals, IT or non IT background, who want to further their careers and learn how to navigate the Azure cloud platform.
Learn about AZ-900 exam concepts and how to prepare and pass the exam
Adelaide Global Azure Bootcamp 2018 - Azure 101Balabiju
A one day session that covers all the foundation of Azure services.
Microsoft Cloud Overview - IaaS, PaaS and SaaS
• Microsoft Azure Resource Manager (ARM)
• Microsoft Azure Storage
• Microsoft Azure Virtual Machines
• Microsoft Azure Identity
• Microsoft Azure Backup
Azure Arc is a solution that simplifies management across different hybrid clouds or multi-clouds. Azure Arc extends Azure management and security beyond the walls of Azure to other cloud platforms or on-premises environments enabling you to make use of Azure services to manage infrastructure at these environments. In this session, you will be introduced to Azure Arc, why should you use it and how to make use of it in different scenarios.
This is a brief introduction to Microsoft Azure cloud. I used these slides in an intro session for developers. I did few demos during the session that not included in the slide. Brand name and logos are properties of their respective owners.
dlaczego konwersja do dokumentów, książek cyfrowych jest grzechem i co trzeba zrobić aby jej uniknąć.
W prezentacji zostały pokazane rozwiązania firmy Inpingo. Pokazujemy też na co zwrócić uwagę projektując ebooka w kontekście róznych kategorii książek.
The Management of Security in Cloud Computing Ramgovind.docxcherry686017
The Management of Security in Cloud Computing
Ramgovind S, Eloff MM, Smith E
School of Computing, University of South Africa, Pretoria, South Africa
[email protected]; {eloff, smithe}@unisa.ac.za
Abstract—Cloud computing has elevated IT to newer limits
by offering the market environment data storage and capacity
with flexible scalable computing processing power to match
elastic demand and supply, whilst reducing capital expenditure.
However the opportunity cost of the successful implementation of
Cloud computing is to effectively manage the security in the
cloud applications. Security consciousness and concerns arise as
soon as one begins to run applications beyond the designated
firewall and move closer towards the public domain. The purpose
of the paper is to provide an overall security perspective of Cloud
computing with the aim to highlight the security concerns that
should be properly addressed and managed to realize the full
potential of Cloud computing. Gartner’s list on cloud security
issues, as well the findings from the International Data
Corporation enterprise panel survey based on cloud threats, will
be discussed in this paper.
Keywords- Cloud computing; Security; Public cloud, Private
cloud, Hybrid Cloud, policies, cloud transparency
I. INTRODUCTION
The success of modern day technologies highly depends on
its effectiveness of the world’s norms, its ease of use by end
users and most importantly its degree of information security
and control. Cloud computing is a new and emerging
information technology that changes the way IT architectural
solutions are put forward by means of moving towards the
theme of virtualisation: of data storage, of local networks
(infrastructure) as well as software [1-2].
In a survey undertaken by the International Data
Corporation (IDC) group between 2008 and 2009, the majority
of results point to employing Cloud computing as a low-cost
viable option to users [3]. The results also show that Cloud
computing is best suited for individuals who are seeking a
quick solution for startups, such as developers or research
projects and even e-commerce entrepreneurs. Using Cloud
computing can help in keeping one’s IT budget to a bare
minimum. It is also ideally suited for development and testing
scenarios. It is the easiest solution to test potential proof of
concepts without investing too much capital. Cloud computing
can deliver a vast array of IT capabilities in real time using
many different types of resources such as hardware, software,
virtual storage once logged onto a cloud. Cloud computing can
also be part of a broader business solution whereby prioritised
applications utilise Cloud computing functionality whilst other
critical applications maintain organisational resources as per
normal. This allows for cost saving whilst maintaining a secure
degree of control within an orgainsation.
Cloud computing can be seen as a service-oriented ...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...AJASTJournal
The cloud is a network of virtual computers that are linked together and may exhibit and offer computational capabilities continuously depending on certain Service Level Agreements (SLAs) that have been agreed between the parties to a contract between the clients and the internet provider. Cloud computing has several benefits, including endless computational resources, cheap cost, security controls, hypervisor protection, instantaneous elasticity, high throughput, and fault-tolerant solutions with increased performance. Since cloud computing is a comparatively recent computing model, there exists a lot of uncertainty about how well confidentiality of all levels, including host, network, data levels, and implementation, can be achieved. As a result, there still are important obstacles to cloud computing adoption. These constraints include security issues concerning privacy, compliance, and legal issues. When databases and software applications are moved from the cloud to large data centers, data management becomes a major challenge. Numerous security issues may develop while using cloud computing, including issues with privacy and control, virtualization and accessibility issues, confidentiality, management of credentials and identities, authentication of responding devices, and authenticity. In this paper, an effort is made to offer a comprehensive review of data security and threats in cloud computing.
A Comprehensive Review on Data Security and Threats for Data Management in Cl...AJASTJournal
The cloud is a network of virtual computers that are linked together and may exhibit and offer computational capabilities continuously depending on certain Service Level Agreements (SLAs) that have been agreed between the parties to a contract between the clients and the internet provider. Cloud computing has several benefits, including endless computational resources, cheap cost, security controls, hypervisor protection, instantaneous elasticity, high throughput, and fault-tolerant solutions with increased performance. Since cloud computing is a comparatively recent computing model, there exists a lot of uncertainty about how well confidentiality of all levels, including host, network, data levels, and implementation, can be achieved. As a result, there still are important obstacles to cloud computing adoption. These constraints include security issues concerning privacy, compliance, and legal issues. When databases and software applications are moved from the cloud to large data centers, data management becomes a major challenge. Numerous security issues may develop while using cloud computing, including issues with privacy and control, virtualization and accessibility issues, confidentiality, management of credentials and identities, authentication of responding devices, and authenticity. In this paper, an effort is made to offer a comprehensive review of data security and threats in cloud computing.
A traditional computing environment requires a costly
infrastructure to offer a better service to users. The introduction
of cloud computing has changed the working environment from
traditional to virtual. A larger number of IT companies are
utilizing the cloud. On the one hand, the cloud attracts more
number of consumers by offering services with minimized
capital cost and virtual infrastructure. On the other hand, there
are a risk and security challenges in cloud computing that
makes the user not to move completely towards it. The cloud
environment is more vulnerable to security breaches and data
theft. Moreover, insider attacks are more frequent in larger
enterprises. An unauthenticated user can cause more damage
to company reputation. The cloud service providers are trying
to provide a secure work environment for users. However,
there is a lack of global standards and policies to invoke
security measures in cloud computing. This study aims to
highlight and classify security challenges and trust issues in the
cloud environment.
The survey was conducted in various institutions and
governmental organizations in Saudi Arabia to study the
opinions of stakeholders on cloud computing security
challenges and risks.
Links:
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
International Journal of Computational Engineering Research(IJCER)ijceronline
International Journal of Computational Engineering Research(IJCER) is an intentional online Journal in English monthly publishing journal. This Journal publish original research work that contributes significantly to further the scientific knowledge in engineering and Technology.
Cloud computing has become one of the most interesting topics in the IT world today. Cloud model of computing as a resource has changed the landscape of computing as it promises of increased greater reliability, massive scalability, and decreased costs have attracted businesses and individuals alike. It adds capabilities to Information Technology’s. Over the last few years, cloud computing has grown considerably in Information Technology. As more and more information of individuals and companies are placed in the cloud, there is a growing concern about the safety of information. Many Companies that are considered to be giants in software industry like Microsoft are joining to develop Cloud services [1]. Despite the hype about the cloud, customers are reluctant to deploy their business in the cloud. Security issues is one of the biggest concerns that has been affecting the growth of cloud computing .It adds complications with data privacy and data protection continues to affect the market. Users need to understand the risk of data breaches in the cloud environment. The paper highlights issues related to cloud computing.
Security of Data in Cloud Environment Using DPaaSIJMER
The rapid development of cloud computing is giving way to more cloud services, due to
which security of services of cloud especially data confidentiality protection, becomes more critical.
Cloud computing is an emerging computing style which provides dynamic services, scalable and payper-use.
Although cloud computing provides numerous advantages, a key challenge is how to ensure
and build confidence that the cloud can handle user data securely. This paper highlights some major
security issues that exist in current cloud computing environments. The status of the development of
cloud computing security, the data privacy analysis, security audit, information check and another
challenges that the cloud computing security faces have been explored. The recent researches on data
protection regarding security and privacy issues in cloud computing have partially addressed some
issues. The best option is to build data-protection solutions at the platform layer. The growing appeal
of data protection as a service is that it enables to access just the resources you need at minimal
upfront expense while providing the benefits of enterprise-class data protection capabilities. The
paper proposes a solution to make existing developed applications for simple cloud Systems
compatible with DPaaS. The various security challenges have been highlighted and the various
necessary metrics required for designing DPaaS have been investigated.
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware,
networking, and services integrate to offer different computational facilities, while Internet or a private
network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud
system delimit the benefits of cloud computing like “on-demand, customized resource availability and
performance management”. It is understood that current IT and enterprise security solutions are not
adequate to address the cloud security issues. This paper explores the challenges and issues of security
concerns of cloud computing through different standard and novel solutions. We propose analysis and
architecture for incorporating different security schemes, techniques and protocols for cloud computing,
particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed
architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and
is not coupled with the underlying backbone. This would facilitate to manage the cloud system more
effectively and provide the administrator to include the specific solution to counter the threat. We have also
shown using experimental data how a cloud service provider can estimate the charging based on the
security service it provides and security-related cost-benefit analysis can be estimated.
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware, networking, and services integrate to offer different computational facilities, while Internet or a private network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud system delimit the benefits of cloud computing like “on-demand, customized resource availability and performance management”. It is understood that current IT and enterprise security solutions are not adequate to address the cloud security issues. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solutions. We propose analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing, particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and is not coupled with the underlying backbone. This would facilitate to manage the cloud system more effectively and provide the administrator to include the specific solution to counter the threat. We have also shown using experimental data how a cloud service provider can estimate the charging based on the security service it provides and security-related cost-benefit analysis can be estimated.
Establishing applications on on-demand infrastructures rather of building applica-tions on fixed and rigid infrastructures was provided by cloud computing provides. By merely exploiting into the cloud, initiatives can gain fast access to business applications or infrastructure resources with decreased Capital Expenditure (CAPEX). The more and more information is placed into the cloud by someone and initiatives, security issues begins to develop and raised. This paper discusses the different security issues that rise up about how secure the mo-bile cloud computing environment.
This IBM Redpaper provides a brief overview of OpenStack and a basic familiarity of its usage with the IBM XIV Storage System Gen3. The illustration scenario that is presented uses the OpenStack Folsom release implementation IaaS with Ubuntu Linux servers and the IBM Storage Driver for OpenStack. For more information on IBM Storage Systems, visit http://ibm.co/LIg7gk.
Visit http://bit.ly/KWh5Dx to 'Follow' the official Twitter handle of IBM India Smarter Computing.
Learn how all flash needs end to end Storage efficiency. For more information on IBM FlashSystem, visit http://ibm.co/10KodHl.
Visit http://bit.ly/KWh5Dx to 'Follow' the official Twitter handle of IBM India Smarter Computing.
Learn about vSphere Storage API for Array Integration on the IBM Storwize family. IBM Storwize V7000 Unified combines the block storage capabilities of Storwize V7000 with file storage capabilities into a single system for greater ease of management and efficiency. For more information on IBM Storage Systems, visit http://ibm.co/LIg7gk.
Visit http://bit.ly/KWh5Dx to 'Follow' the official Twitter handle of IBM India Smarter Computing.
Learn about IBM FlashSystem 840 and its complete product specification in this Redbook. FlashSystem 840 provides scalable performance for the most demanding enterprise class applications. IBM FlashSystem 840 accelerates response times with IBM MicroLatency to enable faster decision making. For more information on IBM FlashSystem, visit http://ibm.co/10KodHl.
Visit http://on.fb.me/LT4gdu to 'Like' the official Facebook page of IBM India Smarter Computing.
Learn about the IBM System x3250 M5,.The x3250 M5 offers the following energy-efficiency features to save energy, reduce operational costs, increase energy availability, and contribute to a green environment, energy-efficient planar components help lower operational costs. For more information on System x, visit http://ibm.co/Q7m3iQ.
http://www.scribd.com/doc/210746104/IBM-System-x3250-M5
This Redbook talks about the product specification of IBM NeXtScale nx360 M4. The NeXtScale nx360 M4 server provides a dense, flexible solution with a low total cost of ownership (TCO). The half-wide, dual-socket NeXtScale nx360 M4 server is designed for data centers that require high performance but are constrained by floor space. For more information on System x, visit http://ibm.co/Q7m3iQ.
http://www.scribd.com/doc/210745680/IBM-NeXtScale-nx360-M4
Learn about IBM System x3650 M4 HD which is a 2-socket 2U rack-optimized server. This powerful system is designed for your most important business applications and cloud
deployments. Outstanding RAS and high-efficiency design improve your business environment and help save operational costs. For more information on System x, visit http://ibm.co/Q7m3iQ.
Visit http://bit.ly/KWh5Dx to 'Follow' the official Twitter handle of IBM India Smarter Computing.
Here are the product specification for IBM System x3300 M4. This product can be managed remotely.The x3300 M4 server contains IBM IMM2, which provides advanced service-processor control, monitoring, and an alerting function. The IMM2 lights LEDs to help you diagnose the problem, records the error in the event log, and alerts you to the problem. For more information on System x, visit http://ibm.co/Q7m3iQ.
Visit http://on.fb.me/LT4gdu to 'Like' the official Facebook page of IBM India Smarter Computing.
Learn about IBM System x iDataPlex dx360 M4. IBM System x iDataPlex is an innovative data center solution that maximizes performance and optimizes energy and space efficiency. The iDataPlex solution provides customers with outstanding energy and cooling efficiency, multi-rack level manageability, complete flexibility in configuration, and minimal deployment effort. For more information on System x, visit http://ibm.co/Q7m3iQ.
http://www.scribd.com/doc/210744055/IBM-System-x-iDataPlex-dx360-M4
This Redbook talks through the benefits and product specification of IBM System x3500 M4. The x3500 M4 offers a flexible, scalable design and simple upgrade path to 32 HDDs, with up to eight PCIe 3.0 slots and up to 768 GB of memory. A high-performance dual-socket tower server, the IBM System x3500 M4, can deliver the scalability, reliable performance, and optimized efficiency for your business-critical applications. For more information on System x, visit http://ibm.co/Q7m3iQ.
http://www.scribd.com/doc/210742768/IBM-System-x3500-M4
Learn about system specification for IBM System x3550 M4. The x3550 M4 offers numerous features to boost performance, improve scalability, and reduce costs. Improves productivity by offering superior system performance with up to 12-core processors, up to 30 MB of L3 cache, and up to two 8 GT/s QPI interconnect links. For more information on System x, visit http://ibm.co/Q7m3iQ.
Learn about IBM System x3650 M4. The x3650 M4 is an outstanding 2U two-socket business-critical server, offering improved performance and pay-as-you grow flexibility along with new features that improve server management capability. For more information on System x, visit http://ibm.co/Q7m3iQ.
http://www.scribd.com/doc/210741926/IBM-System-x3650-M4
Learn about the product specification of IBM System x3500 M3. System x3500 M3 has an energy-efficient design which works in conjunction with the IMM to govern fan rotation based on the readings that it delivers. This saves money under normal conditions because the fans do not have to spin at high speed. For more information on System x, visit http://ibm.co/Q7m3iQ.
http://www.scribd.com/doc/210741626/IBM-System-x3500-M3
Learn about IBM System x3400 M3. The x3400 M3 offers numerous features to boost performance and reduce costs, x3400 M3 has the ability to grow with your application requirements with these features. Powerful systems management features simplify local and remote management of the x3400 M3. For more information on System x, visit http://ibm.co/Q7m3iQ.
Visit http://on.fb.me/LT4gdu to 'Like' the official Facebook page of IBM India Smarter Computing.
Learn about IBM System 3250 M3 which is a single-socket server that offers new levels of performance and flexibility
to help you respond quickly to changing business demands. Cost-effective and compact, it is well suited to small to mid-sized businesses, as well as large enterprises. For more information on System x, visit http://ibm.co/Q7m3iQ.
http://www.scribd.com/doc/210740347/IBM-System-x3250-M3
Learn about IBM System x3200 M3 and its specifications. The System x3200 M3 features easy installation and management with a rich set of options for hard disk drives and memory. The efficient design helps to save energy and provide a better work environment with less heat and noise. For more information on System x, visit http://ibm.co/Q7m3iQ.
http://www.scribd.com/doc/210739508/IBM-System-x3200-M3
Learn about the configuration of IBM PowerVC. IBM PowerVC is built on OpenStack that controls large pools of server, storage, and networking resources throughout a data center. IBM Power Virtualization Center provides security services that support a secure environment. Installation requires just 20 minutes to get a virtual machine up and running. For more information on Power Systems, visit http://ibm.co/Lx6hfc.
Visit http://on.fb.me/LT4gdu to 'Like' the official Facebook page of IBM India Smarter Computing.
Learn about Ibm POWER7 Virtualization Performance. PowerVM Lx86 is a cross-platform virtualization solution that enables the running of a wide range of x86 Linux applications on Power Systems platforms within a Linux on Power partition without modifications or recompilation of the workloads. For more information on Power Systems, visit http://ibm.co/Lx6hfc.
http://www.scribd.com/doc/210734237/A-Comparison-of-PowerVM-and-Vmware-Virtualization-Performance
Learn about IBM PureFlex Sytem and VMware vCloud Enterprise Suite. The IBM PureFlex System platform has been used to meet the hardware requirements in support of this reference architecture. All the components required to support vCloud Suite (including computing, networking, storage, and management interfaces). For more information on Pure Systems, visit http://ibm.co/J7Zb1v.
http://www.scribd.com/doc/210719868/IBM-pureflex-system-and-vmware-vcloud-enterprise-suite-reference-architecture
Learn how x6: The sixth generation of EXA Technology is fast, agile and Resilient for Emerging Workloads from Alex Yost. Vice President, IBM PureSystems and System x
IBM Systems and Technology Group. x6 drives cloud and big data for enterprises by achieving insight faster thereby outperforming competitors. For more information on System x, visit http://ibm.co/Q7m3iQ.
http://www.scribd.com/doc/210715795/X6-The-sixth-generation-of-EXA-Technology
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
2. Furthermore, private clouds can provide lower latency than public clouds during peak traffic
periods. Many organizations embrace both public and private cloud computing by integrating
the two models into hybrid clouds. These hybrids are designed to meet specific business and
technology requirements, helping to optimize security and privacy with a minimum investment
in fixed IT costs.
Although the benefits of cloud computing are clear, so is the need to develop proper security
for cloud implementations. In the following sections, we provide an overview of key security
issues related to cloud computing, concluding with IBM recommendations on the
implementation of cloud security. The recommendations are built on various information
security frameworks and industry best practices.
Cloud security: the grand challenge
In addition to the usual challenges of developing secure IT systems, cloud computing
presents an added level of risk because essential services are often outsourced to a third
party. The externalized aspect of outsourcing makes it harder to maintain data integrity and
privacy, support data and service availability, and demonstrate compliance.
In effect, cloud computing shifts much of the control over data and operations from the client
organization to their cloud providers, much in the same way organizations entrust part of their
IT operations to outsourcing companies. Even basic tasks, such as applying patches and
configuring firewalls, can become the responsibility of the cloud service provider, not the user.
This means that clients must establish trust relationships with their providers and understand
the risk in terms of how these providers implement, deploy, and manage security on their
behalf. This trust but verify relationship between cloud service providers and consumers is
critical because the cloud service consumer is still ultimately responsible for compliance and
protection of their critical data, even if that workload had moved to the cloud. In fact, some
organizations choose private or hybrid models over public clouds because of the risks
associated with outsourcing services.
Other aspects about cloud computing also require a major reassessment of security and risk.
Inside the cloud, it is difficult to physically locate where data is stored. Security processes that
were once visible are now hidden behind layers of abstraction. This lack of visibility can create
a number of security and compliance issues.
In addition, the massive sharing of infrastructure with cloud computing creates a significant
difference between cloud security and security in more traditional IT environments. Users
spanning different corporations and trust levels often interact with the same set of computing
resources. At the same time, workload balancing, changing service level agreements, and
other aspects of today's dynamic IT environments create even more opportunities for
misconfiguration, data compromise, and malicious conduct.
Infrastructure sharing calls for a high degree of standardized and process automation, which
can help improve security by eliminating the risk of operator error and oversight. However, the
risks inherent with a massively shared infrastructure mean that cloud computing models must
still place a strong emphasis on isolation, identity, and compliance.
Cloud computing is available in several service models (and hybrids of these models). Each
presents different levels of responsibility for security management. Figure 1 on page 3 depicts
the different cloud computing models.
2 Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security
3. Figure 1 Cloud computing models
Evaluate different models of cloud computing
Different models of cloud computing have various ways of exposing their underlying
infrastructure to the user. This influences the degree of direct control over the management of
the computing infrastructure and the distribution of responsibilities for managing its security.
With the Software as a Service (SaaS) model, most of the responsibility for security
management lies with the cloud provider. SaaS provides a number of ways to control access
to the Web portal, such as the management of user identities, application level configuration,
and the ability to restrict access to specific IP address ranges or geographies.
Cloud models like Platform as a Service allow clients to assume more responsibilities for
managing the configuration and security for the middleware, database software, and
application runtime environments. The Infrastructure as a Service (IaaS) model transfers
even more control, and responsibility for security, from the cloud provider to the client. In this
model, access is available to the operating system that supports virtual images, networking,
and storage.
Organizations are intrigued with these cloud computing models because of their flexibility and
cost-effectiveness, but they are also concerned about security. Recent cloud adoption studies
by industry analysts and articles in the press have confirmed these concerns, citing the lack
of visibility and control, concerns about the protection of sensitive information, and storage of
regulated information in a shared, externally managed environment.
Note: A mass adoption of external, massively shared, and completely open cloud
computing platforms for critical IT services is considered to be still a few years away.
Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security 3
4. In the near term, most organizations are looking at ways to leverage the services of external
cloud providers. These clouds would be used primarily for workloads with a low-risk profile,
where a one-size-fits-all approach to security with few assurances is acceptable, and where
price is the main differentiator. For workloads with a medium-to-high-risk profile involving
highly regulated or proprietary information, organizations are choosing private and hybrid
clouds that provide a significant level of control and assurance. These workloads will be
shifting into external clouds as they start offering tighter and more flexible security.
IBM provides a comprehensive framework for better understanding enterprise security. This
framework is depicted in Figure 2. In the following section, we take a closer look at this
framework to better understand the different aspects of a holistic security architecture.
Figure 2 The IBM Security Framework
Examine the IBM Security Framework
The IBM Security Framework was developed to describe security in terms of the business
resources that need to be protected, and it looks at the different resource domains from a
business point of view.
Based on the IBM Security Framework and informed by extensive discussions with IBM
clients, we provide a host of major security requirements in enterprise-class cloud computing
today. (For more information, refer to the IBM Redguide™ Introducing the IBM Security
Framework and IBM Security Blueprint to Realize Business-Driven Security, REDP-4528.)
Security governance, risk management, and compliance
Organizations require visibility into the security posture of their cloud. This includes
broad-based visibility into change, image, and incident management, as well as incident
reporting for tenants and tenant-specific log and audit data.
4 Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security
5. Visibility can be especially critical for compliance. The Sarbanes-Oxley Act, the Health
Insurance Portability and Accountability Act (HIPAA), European privacy laws, and many other
regulations require comprehensive auditing capabilities. Since public clouds are by definition
a black box to the subscriber, potential cloud subscribers may not be able to demonstrate
compliance. (A private or hybrid cloud, on the other hand, can be configured to meet those
requirements.)
In addition, providers sometimes are required to support third-party audits, and their clients
can be directed to support e-Discovery and forensic investigations when a breach is
suspected. This adds even more importance to maintaining proper visibility into the cloud.
In general, organizations often cite the need for flexible Service Level Agreements (SLAs) that
can be adapted to their specific situation, building on their experiences with strategic
outsourcing and traditional, managed services.
People and identity
Organizations need to make sure that authorized users across their enterprise and supply
chain have access to the data and tools that they need, when they need it, while blocking
unauthorized access. Cloud environments usually support a large and diverse community of
users, so these controls are even more critical. In addition, clouds introduce a new tier of
privileged users: administrators working for the cloud provider. Privileged-user monitoring,
including logging activities, becomes an important requirement. This monitoring should
include physical monitoring and background checking.
Identity federation and rapid onboarding capabilities must be available to coordinate
authentication and authorization with the enterprise back-end or third-party systems. A
standards-based, single sign-on capability is required to simplify user logons for both
internally hosted applications and the cloud, allowing users to easily and quickly leverage
cloud services.
Data and information
Most organizations cite data protection as their most important security issue. Typical
concerns include the way in which data is stored and accessed, compliance and audit
requirements, and business issues involving the cost of data breaches, notification
requirements, and damage to brand value. All sensitive or regulated data needs to be
properly segregated on the cloud storage infrastructure, including archived data.
Encrypting and managing encryption keys of data in transit to the cloud or data at rest in the
service provider's data center is critical to protecting data privacy and complying with
compliance mandates. The encryption of mobile media and the ability to securely share those
encryption keys between the cloud service provider and consumer is an important and often
overlooked need. Because moving large volumes of data quickly and cheaply over the
Internet is still not practical in many situations, many organizations must send mobile media,
such as an archive tape, to the cloud provider. It is critical that the data is encrypted and only
the cloud provider and consumer have access to the encryption keys.
Significant restrictions regarding data co-location can arise with cloud computing, depending
on an organization's location, the type of data it handles, and the nature of its business.
Several member states of the European Union (EU), for example, expressly forbid the
nonpublic personal information of its citizens to leave their borders.
Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security 5
6. Note: A number of U.S. state governments do not allow the nonpublic personal information
of its employees to be sent offshore.
Additionally, a cloud deployment can raise export-law violation issues relative to encrypted
information, and the deployment can potentially expose intellectual property to serious
threats. The organization's legal counsel must perform a thorough review of all these
requirements prior to cloud deployment, making sure the organization can maintain control
over the geographic location of data in the provider infrastructure.
In areas involving users and data with different risk classes that are explicitly identified (such
as public and financial services), organizations need to maintain cloud-wide data
classification. The classification of the data will govern who has access, how that data is
encrypted and archived, and how technologies are used to prevent data loss.
Application and process
Clients typically consider cloud application security requirements in terms of image security.
All of the typical application security requirements still apply to the applications in the cloud,
but they also carry over to the images that host those applications. The cloud provider needs
to follow and support a secure development process. In addition, cloud users demand
support for image provenance and for licensing and usage control. Suspension and
destruction of images must be performed carefully, ensuring that sensitive data contained in
those images is not exposed.
Defining, verifying, and maintaining the security posture of images in regards to client-specific
security policies is an important requirement, especially in highly regulated industries.
Organizations need to ensure that the Web services they publish into the cloud are secure,
compliant, and meet their business policies. Leveraging secure-development best practices is
a key requirement.
Network, server, and endpoint
In the shared cloud environment, clients want to ensure that all tenant domains are properly
isolated and that no possibility exists for data or transactions to leak from one tenant domain
into the next. To help achieve this, clients need the ability to configure trusted virtual domains
or policy-based security zones.
As data moves further from the client's control, they expect capabilities like Intrusion
Detection and Prevention systems to be built into the environment. The concern is not only
intrusions into a client's trusted virtual domain, but also the potential for data leakages and for
extrusions, that is, the misuse of a client's domain to mount attacks on third parties. Moving
data to external service providers raises additional concerns about internal and
Internet-based denial of service (DoS) or distributed denial of service (DDoS) attacks.
Note: Because information security is a moving target, the environment must be reviewed
on a regular basis against prevalent threats and common vulnerabilities.
In a shared environment, all parties must agree on their responsibilities to review data and
perform these reviews on a regular basis. The organization must take the lead in terms of
contract management for any risk assessments or controls deployment that it does not
perform directly.
6 Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security
7. Where image catalogs are provided by the cloud provider, clients want these images to be
secure and properly protected from corruption and abuse. Many clients expect these images
to be cryptographically certified and protected.
Physical infrastructure
The cloud's infrastructure, including servers, routers, storage devices, power supplies, and
other components that support operations, should be physically secure. Safeguards include
the adequate control and monitoring of physical access using biometric access control
measures and closed circuit television (CCTV) monitoring. Providers need to clearly explain
how physical access is managed to the servers that host client workloads and that support
client data.
Guide to implementing a secure cloud
The following security measures represent general best practice implementations for cloud
security. At the same time, they are not intended to be interpreted as a guarantee of success.
Please consult with your IBM security services representative to identify the best practice
guidance for your specific implementation requirements.
Implement and maintain a security program.
Build and maintain a secure cloud infrastructure.
Ensure confidential data protection.
Implement strong access and identity management.
Establish application and environment provisioning.
Implement a governance and audit management program.
Implement a vulnerability and intrusion management program.
Maintain environment testing and validation.
Implement and maintain a security program
A security program can provide the structure for managing information security, and the risks
and threats to the target environment. In the event of a security breach, the security program
can provide crucial information as to how the cloud is protected, responses to threats, and a
line of accountability for management of events.
1. Security program implementation considerations.
When building a security program, the following recommendations should be taken into
consideration:
1.1. Evaluate and document the organization's culture as it relates to general security:
a. Evaluate current industry and organization specific requirements in establishing
best practices for secure infrastructure. For example, in the United States,
organizations in the health care industry may qualify as covered entities under
the Health Insurance Portability and Accountability Act (HIPAA).
b. If trade secrets form the basis for a company's competitive advantage, the
corporate security program must specify compliance requirements.
c. If export controls apply to a company's data, it is important to address a specific
compliance methodology for the data.
Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security 7
8. d. Evaluate each proposed cloud application for its appropriateness to cloud
deployment. A careful discussion of a company's needs with the cloud provider or
with the builder of the secure infrastructure may be helpful in evaluating whether
and what type of cloud offering could work.
1.2. Prioritize the security attributes appropriate to your cloud implementation in order of
importance.
1.3. Create and maintain policies and procedures relative to how the organization will
address the various security considerations for clouds.
a. Policies should identify the threats to the cloud environment and its contents; they
have to be maintained in order to address current threats.
b. The policy should identify key metrics to monitor and the frequency at which they
should be evaluated; these metrics and measurements may be dictated by
industry regulations or best practices.
c. The policy should specify a structure for accountability.
d. The policy should provide response recommendations in the case of an event.
e. Recommended responses should identify key actions, personnel, and escalation
procedures within a specific time frame.
1.4. Work with the leadership or executive team responsible for the cloud
implementation to ensure understanding and support of the initiative.
1.5. Implement an organization-wide education program to communicate the security
policies and gain a general understanding of the policies.
a. Ensure that all persons with administrative roles complete required training
activities.
b. Ensure that the policy is published in a location that is easily accessible by all
those responsible for policy implementation and management.
1.6. Implement a system to ensure transparency of security status and anomalous
events.
1.7. Establish an audit program.
1.8. Implement an enforcement model to ensure to allow for communication of events
and accountability.
1.9. Create a notification program that communicates to appropriate personnel any
anomalous events in as close to real time as reasonably possible.
Build and maintain a secure cloud infrastructure
A secure infrastructure helps provide cloud resiliency and the confidence that the information
stored in the cloud is adequately protected. During the due diligence process, organizations
must ensure that the vendor can meet all business requirements, demonstrates an
understanding of all legal, regulatory, industry, and customer specific requirements, and has
the capacity to meet those requirements in a satisfactory manner.
2. Install and maintain a firewall configuration.
A firewall configuration should be installed and maintained following the following
recommendations:
2.1. Establish firewall configurations that include the following conditions:
a. A formal change management process for the firewall that results in formal
approval and acceptance of configuration changes.
8 Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security
9. b. A firewall should be placed at each external network interface, and between each
security zone within the cloud.
c. A diagram of network interfaces and locations that correlates to information flow
and firewall placement, which must consider the activation of virtualized
environments as well as soft firewall solutions.
d. A documented and maintained list of ports and services necessary for business
operations and continuity. The default setting for firewall ports should be to deny
access.
e. Justification and risk assessment for any firewall protocol exceptions or
anomalous design definitions.
f. Description of groups, roles, and definitions for logical network management.
g. Quarterly assessment of firewall and router configurations and rule sets.
h. Standards for firewall configuration and router configuration.
2.2. Build and deploy a firewall that denies access from “untrusted” sources or
applications, and adequately logs these events.
2.3. Build and deploy a firewall that restricts access from systems that have direct
external connection and those which contain confidential data or configuration data.
The configuration should include the following:
a. Specific restriction of traffic between specified filter ports and addresses.
b. Disallows direct access from external interfaces into the restricted network
zones.
c. Implementation of dynamic packet filtering.
d. Restriction of all inbound and outbound traffic to that information specified in the
documented and maintained list of ports and services.
e. Prevention of direct wireless access to the cloud infrastructure.
f. Prevention of internal address direct access to external interfaces.
2.4. Install perimeter firewalls between confidential and configuration data and external
interfaces where supported by the cloud host.
2.5. Installation of personal firewall software, solutions on external devices, such as
computers, mobile computers, mobile devices, and so on, that interface with the
cloud environment where supported by your cloud host.
2.6. Implement IP masks to prevent internal systems from being presented and
identified to external entities.
2.7. Implement a firewall to isolate confidential information, and ensure that all
confidential information is stored behind the firewall.
3. Do not use vendor supplied defaults for passwords and other security parameters.
Vendor supplied defaults for security parameters, such as passwords, should not be used.
3.1. Always change vendor supplied passwords and security parameters before
activating a server, or prior to the creation of virtual machine images.
3.2. Develop cloud configuration standards and guidelines for your organization.
Document these standards and ensure that your cloud environment is in
compliance. Ensure that these standards are consistent with industry hardening
guidelines.
3.3. Ensure that each virtual machine implements only one primary function.
3.4. Ensure that no unnecessary functions or processes are active.
Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security 9
10. 3.5. Remove all unnecessary applications, scripts, or modules form the virtual system.
4. Protect administrative access.
All administrative access should be properly protected with access controls and secure
networking.
4.1. Use secure networking protocols for all administrative actions (SSH, SSL, IPSEC,
and VPN), with bi-directional authentication.
4.2. Require dual controls for all provider access to consumer resources (provider and
consumer authentication and authorization for operations).
4.3. Maintain am audit trail of administrative actions.
4.4. The cloud host should develop and publish configuration management guidelines.
4.5. Implement an Asset Discovery Mechanism to identify resources in use in the target
environment.
4.6. Regularly review Asset Maps to understand assets in the cloud environment.
4.7. Maintain a Configuration Data Store to enable auditability and general security
understanding.
5. Ensure patch management.
The implementation of a patch management program should be ensured.
5.1. The cloud host should develop and publish a patch and change management
program.
5.2. Develop a pre-production patch management system to enable business resiliency.
5.3. Ensure logging is enabled for all patch processes, and develop the appropriate
documentation.
5.4. Ensure that all systems, and applications are running the latest vendor supplied
patches, and updates within the specified period as specified in the patch and
change management program. Ensure that an appropriate time frame is
established.
5.5. Establish a process or utilize a third-party vendor to maintain awareness of the
latest security vulnerabilities.
6. Implement a physical environment security plan.
A security plan for the physical environment should be implemented.
6.1. Ensure that the facility has the appropriate physical security controls to prevent
unauthorized access to critical areas within facilities and access to physical assets
and systems by intruders or unauthorized users.
6.2. Ensure that all employees with direct access to systems have full background
checks.
6.3. Ensure that all third-party providers have policies and procedures in place to
distinguish employees from visitors.
6.4. Ensure that the hosting service has adequate natural disaster protection.
7. Protect hybrid communications.
Communications between the remote and corporate infrastructures should be properly
protected.
7.1. Ensure that access to the corporate infrastructure is only possible through secure
communications.
10 Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security
11. 7.2. Ensure that all communications between remote and corporate infrastructures are
encrypted.
7.3. Ensure that communications can only originate from the corporate infrastructure.
7.4. Ensure that the corporate infrastructure is protected by a firewall.
7.5. Ensure that all communications between remote and corporate infrastructures can
occur only over a dedicated network pipe.
7.6. Limit the number of users with administrative access to both corporation and
remote infrastructures.
7.7. Make adequate provisions for protected out-of-band communications in the event of
an emergency.
Ensure confidential data protection
Data protection is a core principle of information security. All of the prevalent information
security regulations and standards, as well as the majority of industry best practices, require
that sensitive information be adequately protected in order to preserve confidentiality.
Confidentiality of such data is required no matter where that data is resident in the chain of
custody, including the cloud environment.
8. Protect Personally Identifiable Information (PII).
PII should be carefully handled and protected.
8.1. Develop and publish rules for the origination, capture, handling, transmission,
storage, and disposal of PII data.
8.2. Consult with a legal advisor for requirements applicable to you/your industry.
8.3. Develop a PII Breach Policy notification strategy and policy for communication of
breach information, in accordance with national, state, and Federal law, and
industry regulation and best practices.
8.4. Develop a PII data inventory and classification schema.
8.5. Keep PII information storage to a minimum by adopting the following policies:
a. Develop and implement a data retention policy.
b. Securely destroy all non-essential PII data (regulatory requirements may apply).
9. Securely destroy all non-essential PII.
PII information not essential to the business should be securely destroyed.
9.1. Mask displayed PII information when appropriate (for example, display subset of
Social Security Numbers).
9.2. Render PII Information unreadable whenever stored.
9.3. Ensure that PII information in memory is unreadable and un-addressable by client
technologies.
9.4. Ensure that PII information is not recorded in log files or other system files.
9.5. Ensure logging of all PII information extracts occurs to mitigate data leakage.
10.Protect confidential and business critical data.
Develop and implement a policy to protect confidential and business critical data.
10.1. Develop and publish rules for the origination, capture, handling, transmission,
storage, and disposal of confidential data.
Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security 11
12. 10.2. Develop a PII breach policy notification strategy and policy for communication of
breach information, in accordance with national, state, and Federal law, and
industry regulation and best practices.
10.3. Develop and maintain a confidential data inventory and classification schema.
10.4. Keep confidential information storage to a minimum by adopting the following
policies:
a. Develop and implement a data retention policy.
b. Securely destroy all non-essential confidential information (regulatory
requirements may apply).
10.5. Perform an assessment of data impact before deploying the data to the cloud,
which should consist of documenting and assessing risk tolerance.
10.6. Do not permit storage of sensitive information prior to authentication of the user.
11.Protect intellectual property.
Develop and implement a policy to protect intellectual property.
11.1. Prior to any public cloud deployment, the organization's risk assessment should
include intellectual property that may be exposed.
11.2. When using a public cloud, the organizations' general counsel should ensure that
SLA agreements cover the protection of intellectual property.
11.3. When deploying to a public cloud, organizations should attempt to obscure
intellectual property as much as possible through encryption, or other mechanisms,
which create difficulty for malicious users to reverse-engineer the information.
12.Protect encryption keys from misuse or disclosure.
Ensure that encryption keys are securely managed to prevent misuse or disclosure.
12.1. Fully document and implement a key storage management program, inclusive of
the following topics:
a. Generation of minimum key strength guidelines and policies.
b. A secure key distribution and management methodology.
c. Periodic recycling of keys annually, at minimum.
d. A methodology for destruction of old or inactive keys.
e. A mechanism to ensure prompt disposal and replacement of suspected
compromised keys.
f. A process for notification of suspected compromised key events.
g. Prevent the unauthorized substitution of keys.
h. Split-knowledge and establishment of dual control of keys.
i. Rules regarding record information must be documented and appropriate
archival mechanisms must be put in place.
12.2. Implement a key management program:
a. Apply the principle of least-privilege when granting access to keys.
b. Regularly review user access rights to keys.
c. Store keys in as few a places as possible.
d. Log all access to keys.
12 Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security
13. 13.Secure data communications.
Implement a secure data communications policy.
13.1. Document and publish guidance for the means and requirements of data
communication.
13.2. Utilize strong cryptography and security protocols, such as SSL/TLS and IPSEC, to
protect sensitive information.
13.3. Never send unencrypted PII or confidential information by e-mail.
13.4. Use a secure network protocol when connecting to a secure information store.
13.5. Ensure that when archives are being created and that secure transports are
utilized.
14.Implement data loss prevention.
Implement a data loss prevention (DLP) mechanism to prevent data leakage.
14.1. Implement a DLP mechanism to prevent accidental or intentional leakage of
information.
14.2. Ensure that the DLP mechanisms provide appropriate reporting.
14.3. Ensure that your DLP solution is integrated with security policies.
15.Protect application information.
Ensure that applications are protecting the information that they are processing.
15.1. Implement a code review of all client code that manipulates personal or sensitive
data, and document the types of information stored.
15.2. Ensure that all PII or confidential information is stored in an unreadable format.
15.3. Ensure that any PII or sensitive information stored in cookies is encrypted and in an
unreadable format.
15.4. Prevent routine storage of encryption keys in local systems.
15.5. Prevent the caching of PII or sensitive Information.
15.6. When displaying PII or sensitive information, ensure that masking is implemented
for fields that display data.
15.7. Do not allow storage of sensitive data as constant variables in the application.
15.8. Regularly scan Web applications for vulnerabilities.
Implement strong access and identity management
Access and identity management are critical to cloud security. They limit access to data and
applications to authorized and appropriate users.
16.Implement a least privilege model.
Ensure that users' access privileges are appropriate, and that secure access mechanisms
are in place.
16.1. Regularly evaluate the users' access list to ensure that only appropriate levels of
access are granted, and only personnel with an authorized need have access to
systems.
16.2. Establish a policy for systems that have multiple users, restricting access based on
need-to-know.
16.3. Ensure that systems verify and check the identity of all users against an approved
access list prior to granting access.
Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security 13
14. 16.4. Ensure that an approved authentication mechanism is in place.
16.5. Implement multi-factor authentication access to all systems and administrative
systems.
16.6. For access to administrative functions, implement technologies such as dial-in and
remote authentication VPN (SSL/TLS and IPSEC) with individual certificates.
16.7. Encrypt all passwords during transmission and storage.
16.8. To ensure that proper authentication and password management functions on all
system elements, utilize the following as guidelines:
a. Control management of user ID credentials and other ID information.
b. Verify a user identity prior to password change or reset.
c. Require that users change their password upon first entry into the application.
d. Promptly revoke access for terminated users.
e. Remove inactive accounts at least every 30 days.
f. Ensure documentation of password and ID policies, and train employees in
guidelines.
g. Ensure that contractor and hosting passwords are only enabled during
maintenance schedules.
h. Do not allow group, shared, or generic accounts or passwords.
i. Require users to change passwords at predefined interval (30, 60, or 90) days.
j. Require complex passwords for users that contain alpha and numeric characters.
k. Limit password reuse to a prescribed number (for example, disallow reuse of the
last 3 passwords).
l. Limit the number of failed password attempts a user may attempt prior to being
locked out of a system.
m.Set an inactive expiration period for all systems in cases where confidential data
requires a user to re-authenticate to the system.
n. Apply a lockout rule that either has a time constraint, or requires re-activation as
a service function.
17.Implement federated identity management.
Identity federation should be deployed to securely exchange identity information.
17.1. Ensure that a federated identity management is implemented when bridging cloud
environments.
17.2. Ensure that when federating identities a system of identity confidence is
implemented to prevent identity spoofing.
Establish application and environment provisioning
In a centrally managed cloud environment, it is essential to have automated provisioning
functionality in place.
18.Implement a program for application provisioning.
Design and implement a program for provisioning images and applications.
18.1. Ensure that an approved process for provisioning virtual images is in place.
18.2. Ensure that the provisioning system applies access rights at the time of
provisioning.
14 Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security
15. 18.3. Ensure that the provisioning management has the appropriate security and
authorization controls.
18.4. Ensure that application and virtual image de-provisioning activities are logged.
18.5. Ensure that all changes to access of virtual images and applications are logged.
18.6. Regularly review provisioning management system access to ensure that only least
privileged access rules are enforced.
18.7. Ensure that a mechanism is in place that governs destruction of outdated or invalid
virtual images.
Implement a governance and audit management program
To be prepared for regulatory or internal audits, you need to have a program in place that
defines when, how, and where to collect log and audit information.
19.Implement a privacy management program.
19.1. Implement a privacy management program with the following attributes:
a. Create an understanding of what PII and business confidential information exists
and is managed.
b. Prioritize PII and confidential information relative to risk and regulatory impacts.
c. Write policies on usage, retention, modification, and deletion of PII and
confidential data.
d. Work with executive and leadership teams to validate the program.
e. Implement a process for monitoring policy compliance and exceptions.
f. Create an education program relative to the policy.
g. Create an audit program for policies.
h. Create rules for the enforcement and monitoring of policy.
i. Create a program/process for notification of the appropriate parties in the event
of a breach.
19.2. Add PII data to the data reference map to allow auditors and administrators to
identify threats to the cloud environment.
20.Implement mechanisms for audit capture and management.
Implement an audit management and records management program.
20.1. Work with your legal counsel to identify and document all applicable legal and
regulatory requirements for each cloud instance.
20.2. Based on the above, create policies for the capture and retention of legal and
regulatory documents.
20.3. Implement a regular review of retained information.
20.4. Implement an audit program to ensure that audit capture and retention policies are
enforced.
20.5. Ensure the collection of all legal and regulatory documents as required.
Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security 15
16. 21.Document cross border protection and compliance.
Document, review, and enforce policies that ensure that data is handled and stored in
compliance with regulations and cross-border protection requirements.
21.1. All applicable regional, national, and international laws should be reviewed with
your legal counsel to understand the requirements related to the transfer and
utilization of storage by cloud consumers and hosts.
21.2. Document policies and procedures relative to those international, national, and
regional laws and regulations that affect the business, including:
a. Where data must be stored based on content and data consumer.
b. Who has access to data based on content and data consumer.
c. What protections (encryption, segregation, and so on) must be put in place to
protect data based on the aforementioned regional, national, and international
laws or regulations that affect the business.
21.3. Regularly review the various regulation and laws with your legal counsel that may
apply to the creation, storage, transmission, and destruction of data as it relates to
cross-border protections.
21.4. Ensure that in cases where consent is required, a record is maintained to confirm
that they data subject has provided said consent.
21.5. Ensure that data processors are aware of the activities and constraints that are
applicable with regard to the sensitive information.
Implement a vulnerability and intrusion management program
In a trusted cloud environment, you have to implement a strict vulnerability management
program and mechanisms such as intrusion detection systems (IDS) and intrusion prevention
systems (IPS) to ensure that IT resources (servers, network, infrastructure components, and
endpoints) are constantly monitored for vulnerabilities and breaches.
22.Implement and regularly update antivirus/anti-spyware and IDS/IPS.
Vulnerability scanning, antivirus, and intrusion detection and prevention mechanisms must
be deployed to protect the environment.
22.1. Deploy antivirus software on all supported systems that could be exposed to virus
or spyware attacks.
22.2. Ensure that selected programs can identify, isolate, or remove, and protect against
malicious software or processes.
22.3. Develop policies for machine classifications relative to antivirus management
protocols.
22.4. Ensure that all protection mechanisms are current and actively running, and
capable of generating logs.
22.5. Use network and host-based intrusion-detection or intrusion prevention systems to
monitor activity in the cloud environment and alert personnel to suspected
compromises.
22.6. Keep all intrusion-detection and prevention engines up-to-date.
a. Verify the use of intrusion-detection systems or intrusion-prevention systems and
that all traffic in the cloud environment is monitored.
b. Confirm that IDS or IPS are configured to alert personnel of suspected
compromises.
16 Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security
17. Maintain environment testing and validation
In order to maintain an intact cloud IT environment, you have to employ different mechanisms
for testing and validation.
23.Implement a change management process.
Document and implement a change management process.
23.1. Ensure that there is a documented configuration change management process in
place.
23.2. Follow a configuration change management process for systems and software
within the cloud. It should include the following:
a. Change request logging.
b. Impact assessment statement.
c. Pre-production test results and sign-off.
d. Process for roll back to a prior state.
24.Implement a data encryption and access program.
Implement a program to test that stored data is properly protected.
24.1. Test databases and other storage mediums to ensure that they are adequately
protected, and the proper encryption levels are applied.
25.Implement a program for secure application development and testing.
A secure application development and testing program should be implemented.
25.1. Develop software applications based on best practices, with security being a
conscious component of the initiative.
a. Validation of all security patches prior to production deployment.
b. Ensure that test and production environments are separate.
c. Ensure separation of duties between test, development, and administration
personnel.
d. Do not use production data that contains confidential or PII information in a test
environment.
e. Ensure removal of all test data and administrative information from the test
environment prior to conversion to production.
f. Ensure that all test accounts and custom accounts have been removed prior to
production activation.
g. Perform security code reviews on all code prior to release into production.
25.2. Develop all Web based applications using secure coding guidelines, such as those
provided by IBM, the Open Web Application Security Project, and so on. Regularly
review code for common security vulnerabilities. Include the following:
a. Un-validated inputs.
b. Broken or ineffective access controls.
c. Broken or ineffective authentication and session management.
d. Cross site scripting vulnerabilities.
e. Buffer overflow vulnerabilities.
f. Injection-based vulnerabilities, such as SQL, LDAP, and so on.
g. Improper or non-existent error handling.
Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security 17
18. h. Insecure storage methods or technologies.
i. Insecure configuration management.
j. Susceptibility to denial of service attacks.
25.3. Ensure that trace and debug statements are removed from production code.
25.4. Ensure that the application does not have name enumeration errors.
25.5. Ensure that all Web facing applications are protected against known attacks by one
of the following mechanisms:
a. Installation of an application firewall.
b. Have a reliable third party review the application for security vulnerabilities.
25.6. Implement a program for network monitoring and testing.
25.7. Ensure that a process is in place that associates each unique ID with all activity,
especially those activities that relate to administrative activities.
25.8. Ensure that audit trails are enabled for all events, especially the following events:
a. Invalid login attempts.
b. Any administrative access attempts.
c. All events involving access to confidential or PII data.
d. Any access to systems functions or audit trails.
e. Activation or cessation of system functions or processes.
f. All administrative activities.
g. Any activation or cessation of virtual systems.
25.9. Record the following information at a bare minimum:
a. User ID.
b. Time of event.
c. Event description.
d. Event origin, if appropriate.
e. Event success or failure.
f. Affected entity.
25.10. Ensure that all audit trails are secured.
25.11. Limit access to administrative functions.
25.12. If possible, encrypt audit trails.
25.13. Ensure that audit trails are regularly backed up.
25.14. Use file monitoring and alteration detection to determine unauthorized changes to
files.
25.15. Ensure that clocks are synchronized.
25.16. Retain audit trail history for at least a year, or according to applicable regulatory
requirements.
25.17. Test security controls for validity by leveraging tools for verifying endpoints against
threats.
25.18. Test applications prior to deployment by leveraging commercial application and
service validation tools.
18 Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security
19. 25.19. Perform penetration testing at least once every 90 days to determine if
vulnerabilities have been introduced into your cloud environment.
25.20. Deploy file integrity monitoring solutions to identify the introduction of malicious
code.
Summary
Cloud computing provides an efficient, scalable, and cost-effective way for today’s
organizations to deliver business or consumer IT services over the Internet. A variety of
different cloud computing models are available, providing both solid support for core business
functions and the flexibility to deliver new services.
However, the flexibility and openness of cloud computing models have created a number of
security concerns. Massive amounts of IT resources are shared among many users, and
security processes are often hidden behind layers of abstraction. More to the point, cloud
computing is often provided as a service, so control over data and operations is shifted to
third-party service providers, requiring their clients to establish trust relationships with their
providers and develop security solutions that take this relationship into account.
In this paper, we presented guidance on cloud computing security. We examined the major
security challenges for cloud providers and their clients, and we discussed concrete
guidelines for the implementation of cloud security controls that are based on recognized
security frameworks and industry best practices.
The team that wrote this IBM Redpapers publication
This paper was produced by a team of specialists from around the world working at the
International Technical Support Organization, Austin Center.
Axel Buecker is a Certified Consulting Software IT Specialist at the International Technical
Support Organization, Austin Center. He writes extensively and teaches IBM classes
worldwide on areas of Software Security Architecture and Network Computing Technologies.
He holds a degree in Computer Science from the University of Bremen, Germany. He has 23
years of experience in a variety of areas related to Workstation and Systems Management,
Network Computing, and e-business Solutions. Before joining the ITSO in March 2000, Axel
worked for IBM in Germany as a Senior IT Specialist in Software Security Architecture.
Koos Lodewijkx is a portfolio manager in the IBM Corporate Security Strategy team, where
he is responsible for the coordination of security strategy development across the IBM
brands. He joined IBM in February 2007 when IBM acquired Consul risk management, a
leader in the compliance management solution development and delivery industry. While at
Consul, Koos held various management positions, and was product manager of Consul's
audit and compliance reporting product line.
Harold Moss is an Emerging Technologies Architect with the IBM Corporate Security
Strategy Team. He is responsible for providing technical insights into emerging security
technology directions, as well as existing ones. He was responsible for verifying and
validating architectural direction in a number of cloud and Web 2.0 based solutions, which
ensured alignment with customer needs and other IBM assets. Currently, Harold sits on
several IBM architecture boards and champions the delivery of assets for cloud computing
and Web 2.0 technologies.
Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security 19
20. Kevin Skapinetz is the portfolio manager for SaaS security at IBM Internet Security Systems.
In this position, he is responsible for defining and executing the strategic direction for IBM
security-as-a-service offerings. With 10 years of experience in information security and 7
years at ISS, Kevin has held variety of important positions in strategy, engineering, and
support. He recently played a central role in the Office of the CTO as a technology strategist,
where he guided the company's strategy for emerging technologies, including secure
virtualization and secure cloud computing. He also spent several years as the lead software
engineer for RealSecure Server Sensor, a multi-platform host intrusion prevention system.
Kevin holds a degree in Computer Science degree from Tulane University and a Master
degree in Information Security from the Georgia Institute of Technology.
Michael Waidner received a Doctorate (PhD) in Computer Science from the University of
Karlsruhe, Germany, in 1991. In 1994, after a few years as researcher and lecturer at the
University of Karlsruhe, he joined IBM Research in Rüschlikon, Switzerland, where he formed
and led one of the most successful industrial security research teams worldwide. Under his
leadership, the team made numerous fundamental contributions to science and IBM's product
and services portfolio, in areas such as cryptography, fault tolerance in distributed systems,
federated identity management, enterprise privacy management, security governance, and
risk management. In 2006, he moved from Switzerland to the US, and joined the IBM
Software Group in New York. In 2007, he led the creation of the IBM Security Architecture
Board, which has cross-IBM responsibility for architecture and technical strategy in security.
Michael has been chairing this board since the beginning, and established it as the core of
the virtual cross-IBM security technology organization. Michael has authored or co-authored
more than 110 scientific publications. He is a member of the IBM Academy of Technology, a
Fellow of the IEEE, and an ACM Distinguished Scientist.
Thanks to the following people for their contributions to this project:
Wade Wallace
International Technical Support Organization, Austin Center
Calvin Powers, Steven Bade, Marne Gordan, Latha Maripuri, Mari Heiser, Harriet Pearson,
Ellen Dulburger, Stephen Mortinger, Tony Nadalin, Ana Lacovetta, Ayomi Burge, Anna Coffey,
Annette Miller, David Boloker, Adi Sharabani, Mary Ellen Zurko, Kristof Klockner, Kristin
Lovejoy, Christopher Bauserman, Omkhar Arasaratnam, Heather Hinton, Steve Wojtowecz,
IBM
20 Cloud Security Guidance IBM Recommendations for the Implementation of Cloud Security
22. This document REDP-4614-00 was created or updated on November 2, 2009.
Send us your comments in one of the following ways: ®
Use the online Contact us review Redbooks form found at:
ibm.com/redbooks
Send your comments in an email to:
redbooks@us.ibm.com
Mail your comments to:
IBM Corporation, International Technical Support Organization
Dept. HYTD Mail Station P099
2455 South Road
Poughkeepsie, NY 12601-5400 U.S.A. Redpaper ™
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines
Corporation in the United States, other countries, or both. These and other IBM trademarked terms are
marked on their first occurrence in this information with the appropriate symbol (® or ™), indicating US
registered or common law trademarks owned by IBM at the time this information was published. Such
trademarks may also be registered or common law trademarks in other countries. A current list of IBM
trademarks is available on the Web at http://www.ibm.com/legal/copytrade.shtml
The following terms are trademarks of the International Business Machines Corporation in the United States,
other countries, or both:
IBM® Redpaper™ Redbooks (logo) ®
Redguide™ Redpapers™
Other company, product, or service names may be trademarks or service marks of others.
22 Secure Cloud Guidance IBM recommendations for the implementation of cloud security