This white paper proposes that virtualized as-a-service environments can be made as secure as physical ones. The paper describes security challenges inherent in multi-tenant as-a-service environments. Design considerations of tenants and service providers, and how design is affected by information security or compliance requirements, are discussed.
The Cisco VMDC is a tested and validated reference architecture for the Cisco Unified Data Center. It provides a set of guidelines and best practices for the creation and deployment of a scalable, secure, and resilient infrastructure in the data center. The Cisco VMDC architecture demonstrates how to bring together the latest Cisco routing and switching technologies, network services, data center and cloud security, automation, and integrated solutions with those of Cisco's ecosystem of partners to develop a trusted approach to data center transformation. Specific benefits include:
Demonstrated solutions to critical technology-related problems in evolving IT infrastructure: Provides support for cloud computing, applications, desktop virtualization, consolidation and virtualization, and business continuance
Reduced time to deployment: Provides best-practice recommendations based on a fully tested and validated architecture, helping enable technology adoption and rapid deployment
Reduced risk: Enables enterprises and service providers to deploy new architectures and technologies with confidence
Increased flexibility: Enables rapid, on-demand, workload deployment in a multitenant environment using a comprehensive automation framework with portal-based resource provisioning and management capabilities
Improved operating efficiency: Integrates automation with a multitenant pool of computing, networking, and storage resources to improve asset use, reduce operation overhead, and mitigate operation configuration errors
The Cisco VMDC architecture, consisting of the Cisco Unified Data Center and Cisco Data Center Interconnect (DCI) together with other architectural components such as infrastructure abstraction, orchestration and automation, assurance, and integrated services and applications, as shown below, provides comprehensive guidelines for deployment of cloud infrastructure and services at multiple levels.
The document discusses key trends driving the consolidation of processing workloads in embedded systems to make devices more secure, manageable and scalable. It describes how virtualization allows functions like security, communications, real-time processing and user interfaces to run separately on a single device. This enhances intelligence in Internet of Things applications by enabling features like remote management and analytics while improving performance, flexibility and reducing costs.
Security Architecture for Thin Client Network | Oyeniyi Samuel
This document summarizes a research paper on security architecture for thin client networks. It discusses some of the security challenges with thin client computing, such as the inability to identify users based on static IP addresses. It proposes using Dynamic Host Configuration Protocol (DHCP) to dynamically assign IP addresses to clients, enabling detection of MAC address spoofing. When login parameters don't match server information, an IP address conflict would be detected by the administrator. The paper also recommends segmenting the network and assigning a range of clients to each user account, making it possible for administrators to identify which network segment an attacker is on. All user data, applications and operating systems would be stored on the server rather than the client desktops.
This document summarizes a research paper on security issues related to cloud computing for micro, small, and medium enterprises (MSMEs). The paper discusses how MSMEs have started adopting cloud computing solutions to improve operations and cope with challenges from increasing competition. While cloud computing provides benefits like efficient applications and flexibility, security poses challenges when storing data remotely with unknown providers. The paper focuses on analyzing security risks for MSMEs adopting cloud technologies and identifying their needs, requirements, and expectations around cloud computing services.
IRJET - A Comprehensive Review on Security Issues and Challenges in Lightweig... | IRJET Journal
This document discusses security issues and challenges with lightweight container communication. It begins with an introduction to containers and microservice architecture. It then examines four use cases: 1) defending containers from semi-honest or malicious hosts, 2) protecting containers from applications, 3) protecting the host from containers, and 4) inter-container protection. For each use case, it identifies potential attacks and discusses directions for future research to enhance container security. The key challenges discussed are exploitation of the shared kernel, denial of service attacks, container breakouts, poisoned images, and compromising secrets. The document concludes that containers will be important for cloud computing but security issues need to be addressed.
Security and Privacy of Sensitive Data in Cloud Computing: A Survey of Recen... | csandit
Cloud computing is revolutionizing many ecosystems by providing organizations with computing resources featuring easy deployment, connectivity, configuration, automation and scalability. This paradigm shift raises a broad range of security and privacy issues that must be taken into consideration. Multi-tenancy, loss of control, and trust are key challenges in cloud computing environments. This paper reviews the existing technologies and a wide array of both earlier and state-of-the-art projects on cloud security and privacy. We categorize the existing research according to the cloud reference architecture orchestration, resource control, physical resource, and cloud service management layers, in addition to reviewing the existing developments in privacy-preserving sensitive data approaches in cloud computing such as privacy threat modeling and privacy enhancing protocols and solutions.
This presentation gives a detailed overview about Cloud Computing, its features and challenges faced by it in the market. It gives an insight into cloud security and privacy issues and its measures.
This virtual campus was created in Second Life as a pilot project to demonstrate virtual learning and collaboration possibilities. The campus allowed for successfully holding team meetings, providing links to online resources, streaming media, and displaying presentations. The goal was to showcase how virtual environments could support remote work and education.
This white paper discusses the various cyber threats targeting healthcare organizations and the challenges security professionals face in securing access to protected health information.
Digital business and service models in the information industry | Sara M
The news sector and journalism are radically changing their organizational and service-delivery models following the adoption of digital business models, as in the case of the British daily The Guardian, the rise of aggregators such as Huffington Post, the growing importance of user-generated content, mash-up applications, and the availability of public data in open formats. In this work we set out to analyze the business model of three online newspapers: The Guardian, Corriere della Sera and Huffington Post (Italian and American versions).
FLSS aims to be a technological aid for managing shared living, simple, playful and easy to use, intended to make pleasant and formative that period of life in which young students and workers share an apartment, especially in large cities where rents are very high.
Pivotal has set up and operationalized a 1000-node Hadoop cluster called the Analytics Workbench. It takes special setup and skills to manage such a large deployment. This session shares how we set it up and how you will manage it.
How Does Long-term Care Insurance Work? | Laurel Blond
Laurel Blond is the president of an insurance agency that offers long-term care insurance. Several factors affect the cost of long-term care policies, including the insured's age, health, where they live, and how long before claims can be made. Policies have different requirements for when benefits kick in, limitations, benefit periods, and maximum payments.
217 people died and 50 were injured in the disaster while around 1275 rescue teams worked to help. 270 buildings collapsed total with 80 collapsing in Ercis and 10 collapsing in Van.
Spain has a diverse landscape and culture. It has a population of Basques, Catalans, and Galicians who primarily speak Spanish. The capital is Madrid and the dominant religion is Roman Catholicism. Key traditions include bullfighting, flamenco dancing and music, and religious festivals that are central to Spanish life.
Albert Einstein was born in 1879 in Germany. Although an average student, he had an early interest in science and mathematics. He left school at age 15 without a degree but later attended school in Switzerland, successfully completing his studies in 1900. In 1903, he married his college roommate Mileva Marić. They had two sons but later separated, with Mileva marrying Einstein's cousin. Einstein became a professor of physics in 1909 and is most known for his theory of relativity and mass-energy equivalence equation, E=mc². He died in 1955 at the age of 76.
The document contains the personal data of 20 patients, including their first name, last name, date of birth, telephone number and address. The information is organized in a table with the category of each data item as the column headers.
This 3-day program on Advanced Corporate Finance will be held from January 10-12, 2013 in Mumbai. It is coordinated by Dr. A. Kanagaraj and aims to provide management executives a financial perspective to make better business decisions. The program focuses on latest corporate finance theories, governance, transparency, and macroeconomic factors. It uses case studies, lectures, and exercises to help participants effectively solve complex financial problems with strategic understanding. The 24,000 rupee fee is for non-residential participants like CFOs, bankers, and analysts.
Metrographics is committed to environmental sustainability and responsibility in its printing operations. They seek out processes that positively impact the environment and incorporate sustainable practices like using FSC certified paper from well-managed forests. Metrographics also aims to conserve resources through minimizing waste and adopting processes like direct-to-plate printing, lean manufacturing, and soy-based inks. The company invests in the latest printing technologies and equipment to provide high quality printing services to clients.
This document contains instructions for a Roman Empire assignment. Students are asked to compare maps of the Roman Empire and modern Europe/Africa to identify 14 modern countries that were part of the Roman Empire. They are also prompted to explain why it would be easy for a Spanish speaker to learn Italian, give their view on whether Spartacus was a terrorist with evidence from the text, and write a paragraph agreeing or disagreeing with the claim that modern US society borrows from Roman culture and civilization while citing evidence.
Mussolini was able to rule Italy for a long period due to his model of fascism. The document discusses the Spanish Civil War from 1936-1939 where Republicans (Democracy and communists), Nationalists (Fascists), and Anarchists fought. The war was important as a prelude to World War 2, with countries like Germany, Italy, and the Soviet Union providing support to different sides, testing new weapons and strategies. Students are assigned to create a propaganda poster recruiting for one of the factions in the Spanish Civil War.
Configuration Compliance For Storage, Network & Server | EMC
This white paper shows the benefits of integrating IT infrastructure management technologies such as Network Configuration Manager, Storage Configuration Advisor and vCenter Configuration Manager into the RSA Archer platform for Configuration Compliance.
This white paper discusses an integrated security solution from Juniper Networks for virtualized data centers and clouds. It addresses the security challenges introduced by virtualized workloads, which physical firewalls have limited visibility into. The solution includes Juniper's SRX firewalls to protect physical workloads and segment traffic, and Firefly Host virtual firewalls to protect virtualized workloads within hypervisors and enforce the same security policies. This provides consistent security across physical and virtual environments as organizations adopt cloud computing.
CCSK Certificate of Cloud Computing Knowledge - overview | Peter HJ van Eijk
The document provides an overview of the Certificate of Cloud Security Knowledge (CCSK) certification. It discusses the history and purpose of the CCSK, which was created by the Cloud Security Alliance to promote best practices for security in cloud computing. The CCSK certification tests knowledge across 15 domains related to cloud security and is intended to help both consumers and vendors discuss security risks and assurances. To become certified, candidates must pass an online multiple choice exam that covers all domains and must be completed within 90 minutes with a score of 80% or higher.
This document proposes the Cisco Secure Enclaves architecture to provide security and isolation for applications and data in shared cloud computing environments. The architecture uses standard Cisco integrated systems components along with additional security services. It aims to enable secure multi-tenancy and isolation through automated security configuration, auditing, patching and responses. This is intended to simplify management and provide compliance while allowing flexible consumption of computing and storage resources.
TierPoint White Paper_With all due diligence_2015 | sllongo3
Understanding true security capabilities in the cloud environment is an important part of the evaluation process of a prospective provider. This guide will help you understand what needs investigating before turning your data over to the cloud.
This white paper discusses the importance of conducting thorough due diligence on cloud computing providers to evaluate their security capabilities. It outlines four key areas that should be examined: 1) verifying the provider's infrastructure and standardized equipment; 2) checking for important security certifications; 3) assessing the due diligence conducted by the provider themselves; and 4) validating the provider's data protection and security measures. Conducting proper due diligence is essential to ensure a cloud provider can adequately protect a customer's data and systems.
Cloud Computing Use Cases Whitepaper 3 0 | Jason Reed
This document provides definitions and taxonomy for cloud computing concepts. It outlines 7 common use case scenarios for cloud computing including end user to cloud, enterprise to cloud, enterprise to cloud to enterprise, private cloud, changing cloud vendors, hybrid cloud, and cross-references between requirements and use cases. It also provides 5 customer scenarios that could benefit from cloud computing. The main focus is on security use cases and requirements to ensure interoperability and portability across cloud vendors. The goal is to define practical scenarios to guide standards development and avoid vendor lock-in.
Legal And Regulatory Issues Cloud Computing...V2.0 | David Spinks
The document provides an overview of 11 domains related to security in cloud computing. It summarizes recommendations for governance, risk management, compliance, auditing, information lifecycle management, portability and interoperability, traditional security practices, data center operations, incident response, application security, and encryption in cloud environments. The document emphasizes the importance of thorough risk analysis, contractual agreements, ongoing assessment and monitoring when adopting cloud services.
1. The document discusses 10 reasons why organizations may be ready for a secure managed cloud service, including wanting built-in security capabilities, customized service, and a proactive partner.
2. It describes what a managed cloud service entails and differentiates secure managed cloud services from typical cloud services. Secure managed cloud services take on more security responsibilities.
3. The best secure managed cloud services provide benefits like 24/7 monitoring and maintenance of cloud workloads, reduced costs, faster deployment times, unique capabilities, lower risk, and assistance with compliance requirements.
White Paper: EMC Compute-as-a-Service — EMC Ionix IT Orchestrator, VCE Vblock... | EMC
This White Paper explores the integration of cloud technology components into a Compute-as-a-Service platform that enables service providers to deploy and manage cloud-based services and tenants to adopt and customize those services into their businesses.
This document discusses information security in the datacenter and whether it is an internal affair. It summarizes key findings from 2010-2012 regarding security in virtualized datacenters. The main risks of virtualization in the datacenter are discussed, including loss of separation of duties, vulnerabilities in privileged software layers, incorrect virtual network configuration exposing isolation, and increased impact of denial of service attacks. The document concludes that just because an organization can consolidate servers virtually does not mean it should without understanding additional security risks and mitigations. It also discusses three styles of securing applications in public and private datacenters: relying on infrastructure security, running own controls inside the datacenter, or requiring all controls separate from the datacenter/cloud.
Azure 13 effective security controls for iso 27001 complianceErlinkencana
This document provides 13 security principles for designing secure solutions when using Microsoft Azure. The principles are aligned with ISO 27001 and are intended to help customers mitigate security risks early in their adoption of cloud computing. The principles cover key areas like identity and authentication, access controls, malware protection, encryption, logging and monitoring. Following the principles can help solutions meet compliance obligations like ISO 27001.
This document describes a virtual desktop solution for knowledge workers using VMware View 4.5 on a Vblock Series 700 infrastructure platform. It details the solution architecture, validation testing of 768 and 1536 desktops, and results. Testing showed the solution can support the workload characteristics of knowledge workers with good application response times and scalable server and storage utilization. The Vblock 700 provided a pre-integrated, validated platform that streamlined deployment of the virtual desktop environment.
This technical brief discusses the challenges of virtualizing critical infrastructure like Active Directory (AD) and Microsoft Exchange. It explains that visibility into both the virtual and physical environments is needed to accurately diagnose and resolve performance issues. The brief recommends using a solution like Quest's vFoglight, which provides extensive monitoring of virtual and physical components, allowing administrators to quickly detect, diagnose, and resolve problems affecting AD and Exchange availability and performance.
This white paper discusses security challenges in virtual networks and alternatives for securing them. Traditional network security tools cannot see or control traffic between virtual machines on the same host. Mixing VMs with different trust levels on one host poses risks. While some try to apply physical network security to virtual networks through VLANs, this increases complexity and costs as VM usage grows. The paper proposes a next-generation security solution called Firefly Host that is designed specifically for virtual networks to monitor and control inter-VM traffic while maintaining the benefits of virtualization.
The document discusses security considerations for cloud computing. It summarizes cloud security working groups that were formed to address security issues and categorize issues. It then discusses elements of a cloud security model including privileged user access, regulatory compliance, data location, data segregation, recovery, investigation support, and long-term viability. Finally, it introduces the Cloud Security Reference Model and the Cloud Cube Model for standardizing secure cloud computing and addressing de-perimeterization of networks.
USING SOFTWARE-DEFINED DATA CENTERS TO ENABLE CLOUD BUILDERSJuniper Networks
Juniper-VMware Areas of Collaboration
Customers looking to cloud technologies for better application agility and more efficient support of their entire IT operations are finding that broader use of virtualization across hardware is fundamental to achieving these goals.
The document discusses compliance and certification in the public cloud. It introduces the Cloud Security Alliance's Open Certification Framework, which provides three levels of trust and assurance for cloud consumers. Level 1 is the CSA STAR registry, a public registry of cloud provider self-assessments. Level 2 is CSA STAR Certification, which evaluates a cloud provider's information security management system. Level 3 is CSA STAR Attestation, which is based on the AICPA SOC 2 attestation standard supplemented by the Cloud Controls Matrix. The framework aims to build trust and transparency between cloud providers and consumers.
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
CloudBoost is a cloud-enabling solution from EMC
Facilitates secure, automatic, efficient data transfer to private and public clouds for Long-Term Retention (LTR) of backups. Seamlessly extends existing data protection solutions to elastic, resilient, scale-out cloud storage
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
With EMC XtremIO all-flash array, improve
1) your competitive agility with real-time analytics & development
2) your infrastructure agility with elastic provisioning for performance & capacity
3) your TCO with 50% lower capex and opex and double the storage lifecycle.
• Citrix & EMC XtremIO: Better Together
• XtremIO Design Fundamentals for VDI
• Citrix XenDesktop & XtremIO
-- Image Management & Storage
-- Demonstrations
-- XtremIO XenDesktop Integration
EMC XtremIO and Citrix XenDesktop provide an optimized virtual desktop infrastructure solution. XtremIO's all-flash storage delivers high performance, scalability, and predictable low latency required for large VDI deployments. Its agile copy services and data reduction features help reduce storage costs. Joint demonstrations showed XtremIO supporting thousands of desktops with sub-millisecond response times during boot storms and login storms. A unique plug-in streamlines the automated deployment and management of large XenDesktop environments using XtremIO's advanced capabilities.
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
Explore findings from the EMC Forum IT Study and learn how cloud computing, social, mobile, and big data megatrends are shaping IT as a business driver globally.
Reference architecture with MIRANTIS OPENSTACK PLATFORM.The changes that are going on in IT with disruptions from technology, business and culture and so IT to solve the issues has to change from moving from traditional models to broker provider model.
This document summarizes a presentation about scale-out converged solutions for analytics. The presentation covers the history of analytic infrastructure, why scale-out converged solutions are beneficial, an analytic workflow enabled by EMC Isilon storage and Hadoop, test results showing performance benefits, customer use cases, and next steps. It includes an agenda, diagrams demonstrating analytic workflows, performance comparisons, and descriptions of enterprise features provided by using EMC Isilon with Hadoop.
The document discusses identity and access management challenges for retailers. It outlines security concerns retailers face, including the need to protect customer data and payment card information from cyber criminals. It then describes specific identity challenges retailers deal with related to compliance, access governance, and managing identity lifecycles. The document proposes using RSA Identity Management and Governance solutions to help retailers with access reviews, governing access through policies, and keeping compliant with regulations. Use cases are provided showing how IMG can help with challenges like point of sale monitoring, unowned accounts, seasonal workers, and operational issues.
Container-based technology has experienced a recent revival and is becoming adopted at an explosive rate. For those that are new to the conversation, containers offer a way to virtualize an operating system. This virtualization isolates processes, providing limited visibility and resource utilization to each, such that the processes appear to be running on separate machines. In short, allowing more applications to run on a single machine. Here is a brief timeline of key moments in container history.
This white paper provides an overview of EMC's data protection solutions for the data lake - an active repository to manage varied and complex Big Data workloads
This infographic highlights key stats and messages from the analyst report from J.Gold Associates that addresses the growing economic impact of mobile cybercrime and fraud.
Virtualization does not have to be expensive, cause downtime, or require specialized skills. In fact, virtualization can reduce hardware and energy costs by up to 50% and 80% respectively, accelerate provisioning time from weeks to hours, and improve average uptime and business response times. With proper training and resources, virtualization can be easier to manage than physical environments and save over $3,000 per year for each virtualized server workload through server consolidation.
An Intelligence Driven GRC model provides organizations with comprehensive visibility and context across their digital assets, processes, and relationships. It enables prioritization of risks based on their potential business impact and streamlines remediation. By collecting and analyzing data in real time, an Intelligence Driven GRC strategy reveals insights into critical risks and compliance issues and facilitates coordinated responses across security, risk management, and compliance functions.
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
This white paper discusses the results of a CIO UK survey on a“Trust Paradox,” defined as employees and business partners being both the weakest link in an organization’s security as well as trusted agents in achieving the company’s goals.
Emory's 2015 Technology Day conference brought together faculty, staff and students to discuss innovative uses of technology in teaching and research. Attendees learned about new tools and platforms through hands-on workshops and presentations by Emory experts. The conference highlighted how technology is enhancing collaboration and creativity across Emory's campus.
Data Science and Big Data Analytics Book from EMC Education ServicesEMC
This document provides information about data science and big data analytics. It discusses discovering, analyzing, visualizing and presenting data as key activities for data scientists. It also provides a website for further information on a book covering the tools and methods used by data scientists.
Using EMC VNX storage with VMware vSphereTechBookEMC
This document provides an overview of using EMC VNX storage with VMware vSphere. It covers topics such as VNX technology and management tools, installing vSphere on VNX, configuring storage access, provisioning storage, cloning virtual machines, backup and recovery options, data replication solutions, data migration, and monitoring. Configuration steps and best practices are also discussed.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Monitoring and Managing Anomaly Detection on OpenShift.pdf
White Paper: EMC Security Design Principles for Multi-Tenant As-a-Service Environments
White Paper
EMC SECURITY DESIGN PRINCIPLES FOR MULTI-TENANT AS-A-SERVICE ENVIRONMENTS
• Information security in multi-tenant cloud environments
• Regulatory compliance in cloud environments
• Considerations for migrating to the cloud
EMC Solutions Group
Abstract
This white paper proposes that virtualized as-a-service environments can be made as secure as, if not more secure than, physical environments. The paper describes security challenges inherent in multi-tenant as-a-service environments. Design considerations of tenants and service providers, and how design factors are affected by information security or compliance requirements, are discussed.
August 2012
Table of contents
Executive summary
  Business case
  Solution overview
  Key results/recommendations
Introduction
  Purpose
  Scope
  Audience
Information security versus compliance
  Introduction to information security versus compliance
    Compliance
    Information security
  Information security design principles
Information security in a virtualized environment
  Virtual versus physical environments
  Scale is the challenge
Compliance and risk in a virtualized environment
  Compliance
  Risk management
Moving to the cloud
  Information security goals
  Control in a cloud-based solution
  Multi-tenant access
  Information security in the cloud
  Private versus Public cloud-based environments
Visibility and control in the cloud
  Visibility and control in the cloud
  Secure Content Automation Protocol (SCAP)
  Customer-specific visibility
  EMC SCAP-based solution
Conclusion
  Summary
  Findings
Executive summary
Business case
Every organization is dealing with the challenges and risks inherent in moving their workloads from legacy IT environments to private cloud, and ultimately to public cloud multi-tenant as-a-service environments.
Information security is a significant challenge when moving to the cloud. Tenants and service providers need to understand and address the security implications of virtualization and multi-tenancy to ensure that their solutions comply with all relevant standards.
Solution overview
This white paper discusses the security challenges inherent in multi-tenant as-a-service environments, and focuses on the design considerations for both tenants and service providers:
• The tenant is concerned with the compliance of the as-a-service environment.
• The service provider is concerned with providing appropriate information security capabilities and the corresponding configuration, processes, and procedures.
EMC categorizes the design factors that a service provider must address, as follows:
• Secure separation
• Service assurance
• Service provider in control
• Tenant in control
• Security and compliance
• Data protection
Each design factor is affected directly or indirectly by information security or compliance requirements. Considerations include:
• The impact on separation and assurance of a virtualized environment.
• How the service provider and tenant can maintain control of the environment, yet not violate governance requirements.
This white paper provides an overview of the security challenges, while focusing on what information security and governance mean in these contexts.
Key results/recommendations
From an information security and compliance perspective, this white paper proposes that virtualized as-a-service environments can be as secure as, or more secure than, non-virtualized physical environments.
The information security controls required to meet the governance requirements of a physical environment map directly to the requirements of a virtualized environment. In addition, virtual environments can provide additional security capabilities and features not possible or practical in a physical environment.
Introduction
Purpose
The purpose of this white paper is to discuss design considerations that take into account the information security and compliance challenges inherent in multi-tenant service provider environments.
Scope
The scope of this white paper is to provide an overview of the information security and compliance design considerations that must be investigated during an organization’s workload migration from legacy IT to public cloud environments.
The white paper does not include detailed configuration recommendations.
Audience
This white paper targets technical architects, who are responsible for developing and implementing their organization’s workload migration. The reader has proficient knowledge of information security, governance, and cloud terminology.
7. Information security versus compliance
Introduction to One of the first challenges faced by a security professional, during a conversation
information about information security with a non-security professional, is to clarify the subject of
security versus the conversation. Often, security conversations are about compliance or cover only
compliance one aspect of information security. Due to the frequent misunderstandings about
information security and compliance, it is important to clarify the differences between
the two.
Compliance
Compliance is typically defined as “…conforming to a rule, such as a specification,
policy, standard, or law. Regulatory compliance describes the goal that corporations
or public agencies aspire to in their efforts to ensure that personnel are aware of and
take steps to comply with relevant laws and regulations.” 1
The Payment Card Industry Data Security Standard (PCI DSS) is an example of a
regulatory specification.
Information security
Information security is defined as “…a means of protecting information and
information systems from unauthorized access, use, disclosure, disruption,
modification, perusal, inspection, recording, or destruction...This is frequently
summarized as protecting the confidentiality, integrity, and availability of
information.” 2
Information security design principles
This white paper focuses on the information security design principles that must be
considered in multi-tenant as-a-service environments so that they can be configured
to be compliant with specific regulatory requirements. We provide you with an
overview of the security capabilities and controls that you must have in your
environment.
1 Wikipedia, Regulatory compliance, as of August 8, 2012 page update
2 Wikipedia, Information security, as of August 15, 2012 page update
Information security in a virtualized environment
Virtual versus physical environments
The question of whether virtualized environments can be made as secure as
physical environments has been debated for years.
Historically speaking, IBM successfully passed an independent security review and
accreditation of its mainframe LPARs implementation in the 1980s. VMware® started
submitting its virtualization products for independent accreditation a decade or two
later. Despite this long history of accredited virtualized environments, there is still a
significant level of distrust and misunderstanding about information security
capabilities and controls in these environments.
This lack of confidence is indicated by the very high level of interest in the topic. A
quick web search on “virtualized environment security” returns over nine million hits
and an abundance of articles.
Scale is the challenge
The challenge of securing virtualized environments is not a new problem. What is
different in today’s as-a-service and cloud-based environments is the scale of the
environments that are being secured and reviewed for regulatory compliance. This
challenge is the one that demands new solutions to the information security issues of
confidentiality, integrity, and assurance.
Therefore, the question is not whether virtualized environments can be as secure as
physical environments. The real question is how to apply the lessons learned from
securing physical environments to the much larger scale environments that underlie
public, private, and hybrid cloud offerings.
Compliance and risk in a virtualized environment
Compliance
How does an auditor validate compliance in a virtualized environment? This is a
question that we hear repeatedly when talking with organizations considering
migrating to cloud-based environments.
The controls that an auditor validates in a physical environment also apply to a virtual
environment. Having the correct controls in place is as critical in a virtual environment
as it is in a physical environment. The common set of controls that most industry and
government regulations focus on includes, but is not limited to:
• Anti-virus and anti-malware
• Authentication
• Authorization
• Change control
• Identity management
• Intrusion detection
• Security incident and event monitoring (SIEM)
• Network controls and forensics
• Monitoring and management (GRC)
However, in a virtual environment, there are likely to be additional software
components to which these controls must be applied. At a minimum, there will be
some type of hypervisor providing abstraction to CPU and memory of the systems.
There is likely to be some network virtualization in addition to physical network
devices. There is almost certainly network and storage virtualization present in the
current legacy IT environment.
Several regulatory bodies have issued virtualization-specific recommendations. For
example, PCI’s Virtualization Special Interest Group (SIG) created the information
supplement: PCI DSS Virtualization Guidelines. This document discusses not only the
risks of virtualized environments but also provides recommendations on the impact
of virtualization on compliance with PCI DSS. However, this document was released in
2011, though virtualization has been in use for decades.
Risk management
Information security is all about managing risks in the environment. The Certified
Information Systems Auditor (CISA) Review Manual 2006 provides the following
definition of risk management:
"Risk management is the process of identifying vulnerabilities and threats to the
information resources used by an organization in achieving business objectives, and
deciding what counter measures, if any, to take in reducing risk to an acceptable
level, based on the value of the information resource to the organization."
While determining and managing risk is critical to any organization’s migration to
private, public, and hybrid cloud environments, any decisions on when and where to
move workloads to the cloud are beyond the scope of this white paper. Your
organization must consider, in detail, the risks inherent in moving data into the
cloud.
Moving to the cloud
Information security goals
There is no substantive difference between the information security and compliance
requirements for cloud and non-cloud environments. There are, of course, some
additional components in a cloud environment, but these are minor.
The information security goals are the same for cloud and non-cloud environments
and for virtualized and non-virtualized environments. It is critical that organizations
keep in mind that they must apply the same processes to cloud-based solutions as to
other solutions. It is the “how” of information security that has changed and not the
“what” that has changed.
Control in a cloud-based solution
Cloud computing removes many of the traditional, physical boundaries that help
define and protect an organization’s data assets. Physical servers are replaced by
virtual ones. Perimeters are established not just by firewalls, but also by the transit of
virtual machines. Risk factors become more complex as the cloud introduces
ever-expanding, transient chains of custody for sensitive enterprise data and applications.
As organizations migrate their IT workloads to the cloud, they effectively relinquish
some control over their information infrastructure and processes, even while they are
required to bear greater responsibility for data confidentiality and compliance. This
shift has wide-ranging implications for a broad set of corporate stakeholders,
especially leaders who are responsible for information security.
This is particularly true in a public cloud environment. Meanwhile, the trend is for
regulatory oversight and compliance requirements to become stricter and more
demanding. Therefore, it is critical that any cloud-based solution considered by your
organization includes information security and regulatory compliance requirements
from its initial conception.
Multi-tenant access
Building an environment that provides multi-tenant access is critical for any public
cloud service provider offering. Multi-tenancy, in this context, means that the service
provider can provide a tenant with an environment in which it appears, from the
tenant’s perspective, that all resources are dedicated to that tenant. In addition, the
infrastructure must ensure that no tenant can influence the behavior of another
tenant’s environment in any way. This is one of the biggest differences between
private and public cloud environments. However, you must consider that in any
virtualized environment, there is a significant degree of multi-tenancy implied.
Depending on the type of environment, multi-tenancy may be significant.
Information security in the cloud
As organizations begin to migrate to the cloud, there is still confusion about how best
to handle information security in the cloud. In a report commissioned by RSA, As
Hyper-extended Enterprises Grow, So Do Security Risks, two-thirds of the
respondents, who are running applications or business processes in the cloud,
admitted that they had not developed a security strategy for cloud computing. A
majority of respondents were not sure how prospective cloud-computing vendors
would safeguard data or how corporate security teams would meet compliance
requirements for moving data into the cloud.
Private versus public cloud-based environments
The main differences between private and public cloud-based environments are:
• Automation of provisioning
• Operation
• Self-service
• Large-scale virtualization
This ability to scale out virtualized environments, either in a private or public cloud
environment, is what makes cloud different.
Information security controls must be integrated into these scaled-out architectures.
Otherwise, it is impossible to report, with any accuracy, the security position of such
an environment. Areas that a service provider must address include:
• Authentication
• Configuration and service pack management
• Data loss prevention and forensics
• Dashboard (eGRC)
• Identity and access management
• Multi-tenancy
• Network monitoring and analysis
• Security information and event logging
• Security management (dashboard)
You must place particular emphasis on security management and the eGRC
dashboard, which is used to report on the environment.
Similarly, tenants of cloud-based solutions must apply their normal information
security and risk-management policies and procedures to any cloud-based
deployment. At a minimum, they must:
• Define policies
• Evaluate cloud providers
• Require transparency and visibility into the cloud
• Maintain segregation of administrative privileges
• Manage provisioning policies (virtual machine, storage, and network)
• Encrypt and tokenize sensitive data
• Adopt federated identity management and strong authentication
Visibility and control in the cloud
In the cloud, “visibility plus control equals trust”.
The most important step that a service provider must take towards building a trusted
cloud-based as-a-service solution is to provide visibility and control into its
information security and compliance processes and procedures. The message
customers and potential customers convey to as-a-service providers is that visibility
generates trust and without trust the service provider will not get their business.
Similarly, the service provider must implement information security controls in their
virtualized multi-tenant infrastructure to meet customer requirements. In order for the
service provider to gain a customer’s trust, the service provider must provide details
on the how and what of their information security and compliance strategies. This
does not mean that the service provider needs to provide copies of their audit
monitoring procedures on their website. What it does mean is that the service
provider must make available, in as close to real-time as possible, the ability for a
customer to view the service provider’s entire compliance configuration through a
single management GUI (also known as a “single-pane-of-glass”). If that is not
possible, then service providers must share information in other ways.
Secure Content Automation Protocol (SCAP)
The most promising solution to enable visibility into a multi-tenant as-a-service
environment is a relatively new protocol called Secure Content Automation Protocol
(SCAP) that was developed by the National Institute of Standards and Technology
(NIST). “SCAP is a method for using specific standards to enable automated
vulnerability management, measurement, and policy compliance evaluation (for
example, Federal Information Security Management Act (FISMA) compliance)...It
combines several open standards that are used to enumerate software flaws and
configuration issues related to security.” 3
Information security practitioners are enthusiastic about open standards. SCAP uses
Common Vulnerabilities and Exposures (CVE) and Open Vulnerability and
Assessment Language (OVAL), for example.
Today, SCAP-compliant software is already available, for example, VMware vCenter®
Configuration Management (vCM). For more information on SCAP capabilities, see the
National Vulnerability Database.
Customer-specific visibility
One challenge that SCAP does not address is how to provide customer-specific
visibility into as-a-service environments. How does a service provider do the
correlation (also known as “mashup”) of all the data collected in these types of
environments? Specifically, how will a specific log entry be associated with the
tenants that it affects? And how will a tenant receive only the security-related
information for the network switches that are used for that tenant’s data? These are
important issues and concerns.
EMC SCAP-based solution
The good news is that several of the challenges in providing visibility into as-a-service
environments have been solved with SCAP. One of those challenges is how to get the
security configuration information to the service provider’s tenants. EMC’s Office of
the CTO has been doing demos of a prototype SCAP-based solution. The idea is to
use SCAP and its associated protocols to forward vulnerability-related information
from the service provider’s environment to an external “air-gapped” repository that
will collect the information.
3 Wikipedia, Secure Content Automation Protocol, as of July 20, 2012 page update
Air gap is “…a security measure often taken for computers and computer networks
that must be extraordinarily secure. It consists of ensuring that a secure network is
completely physically, electrically, and electromagnetically isolated from unsecured
networks, such as the public Internet or an unsecured local area network.” 4
Tenants subscribe to the repository and receive SCAP information applicable only to
them. The SCAP feed is then displayed in a local dashboard, which is SCAP-aware. In
this model, the customer only subscribes to those data-feeds that are relevant to
them.
In this way, a customer of a cloud-based solution can use an eGRC dashboard for
their as-a-service environment as well as their internal IT systems.
4 Wikipedia, Air gap (networking), as of July 25, 2012 page update
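An added example of the per-tenant routing described above: each finding is associated with the tenants its asset serves, and a tenant receives only the results for infrastructure that carries its data. This is not EMC's prototype or any SCAP tool's code; the inventory, tenant names, rule ids and function names are constructed assumptions.

```python
# Added illustration: every asset, tenant and rule id below is a constructed sample.
from dataclasses import dataclass

# Constructed inventory: which tenants each asset carries data for.
# Shared infrastructure (hypervisor, switch, array) maps to several tenants.
ASSET_TENANTS = {
    "esx-host-01": {"tenant-a", "tenant-b"},
    "switch-07": {"tenant-b", "tenant-c"},
    "vm-a-web-01": {"tenant-a"},
    "array-02": {"tenant-a", "tenant-b", "tenant-c"},
}


@dataclass(frozen=True)
class Finding:
    asset: str      # asset the check ran against
    rule_id: str    # constructed rule identifier
    result: str     # "pass" or "fail"


# Constructed findings as they might arrive in the provider's repository.
FINDINGS = [
    Finding("esx-host-01", "rule_hypervisor_lockdown_mode", "fail"),
    Finding("switch-07", "rule_switch_snmp_v3_only", "fail"),
    Finding("vm-a-web-01", "rule_ssh_root_login_disabled", "pass"),
    Finding("array-02", "rule_array_mgmt_tls", "pass"),
    Finding("lb-99", "rule_lb_admin_mfa", "fail"),  # asset missing from inventory
]


def tenant_feed(tenant, findings=FINDINGS, inventory=ASSET_TENANTS):
    """Return only the findings on assets that serve `tenant`.
    Entries flag shared assets but never name the co-tenants."""
    feed = []
    for f in findings:
        tenants = inventory.get(f.asset, set())
        if tenant in tenants:
            feed.append({
                "asset": f.asset,
                "rule_id": f.rule_id,
                "result": f.result,
                "shared": len(tenants) > 1,
            })
    return feed


def unrouted(findings=FINDINGS, inventory=ASSET_TENANTS):
    """Findings on assets with no tenant mapping: held for the provider and
    delivered to no tenant (fail closed) until the inventory is corrected."""
    return [f for f in findings if not inventory.get(f.asset)]


if __name__ == "__main__":
    for t in ("tenant-a", "tenant-b", "tenant-c"):
        print(t, [(e["asset"], e["result"]) for e in tenant_feed(t)])
    print("unrouted:", [f.asset for f in unrouted()])
```

The accuracy of each tenant's feed depends entirely on the asset-to-tenant inventory, which is why findings on unmapped assets are withheld rather than broadcast.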
Conclusion
Summary
The goal of this paper is to show that the information security and compliance
challenges of multi-tenant as-a-service environments are largely the same as those
for physical environments and can be successfully addressed. The controls that must
be put in place are the same in both environments and include:
• Anti-virus and anti-malware
• Authentication
• Authorization
• Change control
• Identity management
• Intrusion detection
• Security incident and event monitoring (SIEM)
• Network controls and forensics
• Monitoring and management (GRC)
The key element to consider is the equation of “visibility plus control equals trust” -
how the service provider will provide that and how the tenant will consume it.
Findings
This white paper highlights a couple of solutions that enable visibility into
multi-tenant as-a-service environments:
• SCAP solution
The most promising solution is the protocol Secure Content Automation
Protocol (SCAP), which was developed by the National Institute of Standards
and Technology (NIST). However, SCAP by itself does not address the problem
of how to provide customer-specific visibility into as-a-service environments.
• EMC SCAP-based solution
EMC’s prototype solution solves the customer-specific visibility problem. The
solution uses SCAP and its associated protocols to forward vulnerability-related
information from the service provider’s environment to an external air-gapped
repository that collects the information. Tenants subscribe to the repository
and receive SCAP information applicable only to them.
References
White papers
For more information, see the following white papers:
• Design Principles and Considerations for Configuring VMware vShield in Service
Provider Environments
• EMC Compute-as-a-service - Design Principles and Considerations for
Deployment
Other documentation
For more information, see the following documentation:
• Information Supplement: PCI DSS Virtualization Guidelines by the Virtualization
Special Interest Group PCI Security Standards Council, Version 2.0, June 2011
• RSA Security Brief: Identity & Data Protection in the Cloud, November 2009
• On the Security of Cloud Storage Services, Fraunhofer Institute for Secure
Information Technology, Moritz Borgmann, et al, March 2012
• Governance of Enterprise Security - CyLab 2012 Report: How Boards and Senior
Executives are Managing Cyber Risks, Carnegie Mellon University, May 16,
2012
• Design Guide: Vblock Solutions for Trusted Multi-Tenancy, VCE, February 2012