Security management to, for, and from the cloud
CA’s Cloud Security Capabilities & Strategy

Oded Tsur, CISSP
Sr. Solution Strategist

Cloud - Next Wave of IT Architectures




Copyright © 2010 CA. All rights reserved.

Many Have Adopted Some Cloud Services
Some Have Adopted Many Cloud Services




Security of Cloud Computing Users – A Study of US & EMEA IT Practitioners, Ponemon Institute, May 12, 2010
http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf

Why Adopt the Cloud?
To Save $ & Time

Security of Cloud Computing Users – A Study of US & EMEA IT Practitioners, Ponemon Institute, May 12, 2010
http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf

Who is Responsible For Security?




Security of Cloud Computing Users – A Study of US & EMEA IT Practitioners, Ponemon Institute, May 12, 2010
http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf

Do You Know Your Cloud Services?

Security of Cloud Computing Users – A Study of US & EMEA IT Practitioners, Ponemon Institute, May 12, 2010
http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf

IAM is #1 Area of Focus for Migration




Security of Cloud Computing Users – A Study of US & EMEA IT Practitioners, Ponemon Institute, May 12, 2010
http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf

What is the Cloud?

SaaS, PaaS, IaaS
Public Cloud, Hybrid Cloud, Private Cloud

Identity & Access Management - Defined

Security Policy

- MANY IDENTITIES: REDUCED IDENTITIES
  - Easier administration
  - Reduced Costs
  - Improved auditing for easier compliance
- MANY USERS
  - Single Sign-on
  - User self-service
- MANY APPLICATIONS
  - Centralized Security
  - Easier app dev
- MANY ADMINS: CENTRALIZED ADMINISTRATION
  - Reduced admin costs
  - Consistent admin across platforms
  - Automation of IT processes

Unstructured Physical Boundaries

     — VM Mobility beyond the server room
       − VMs can be copied, or cloned
       − Machine memory is accessible from the host
       − Disk space can be accessed from storage
     — Challenging Physical Security
       − Copying a VM = Stealing a server from the server room
       − The virtual DC is distributed – Not a mainframe

The 4th Dimension - Time




     — What happens when we revert to snapshot?
       − LOST Audit Events
       − LOST configuration
       − LOST Security Policy
     — Am I Still Compliant with my Policy?



Cloud Model Drives Security Implications
Control vs. Visibility

Diagram from Burton Group report, Cloud Computing Security in the Enterprise, July 2009

Cloud Model Drives Security Implications



Private Clouds are a Modern Form of Dedicated IT?

Diagram from Burton Group report, Cloud Computing Security in the Enterprise, July 2009

Cloud Model Drives Security Implications




How do I manage my user’s SaaS accounts & their access?

How do I collect & analyze SaaS security logs?

Diagram from Burton Group report, Cloud Computing Security in the Enterprise, July 2009

Cloud Model Drives Security Implications



How do I define & enforce access policies in PaaS applications without creating more security silos?

Diagram from Burton Group report, Cloud Computing Security in the Enterprise, July 2009

Cloud Model Drives Security Implications




How do I control privileged users in IaaS…both theirs & ours?

Diagram from Burton Group report, Cloud Computing Security in the Enterprise, July 2009

IAM & Trust Before Cloud

— Trust established between the user & enterprise
  −  Or between user & each application when applications are siloed

— IAM is deployed on-premise

[Diagram labels: Enterprise; Corporate Directory “Identity Provider”; IAM; User; In-house Applications; Public; Remote user]

Cloud Adoption & IAM



1. Extend Enterprise Security To the Cloud
2. Security For Cloud Providers
3. Security From the Cloud

Trust Models Will Need to Change

1 Extend Enterprise Security to the Cloud

- Enterprises will use more SaaS applications & Cloud services
- Trust model will be between user & enterprise
- The On-Premise IAM system “extends” out to the Cloud
  - Provisioning and SSO to SaaS Applications
  - Cloud Web Services for Mashing Applications
  - Access Governance (certification & attestation) extends to Cloud
  - Log Collection of Cloud applications

[Diagram labels: Enterprise LAN; Corporate Directory “Identity Provider”; IAM; User; Public; Remote user; Dir (x3)]

1 Extend Enterprise Security to the Cloud

Need to…
- Provision users to SaaS Applications (SFDC, Google, etc)
- SSO (SAML-based) & Access Control to SaaS Applications
- Access Control to Cloud-based Web Services for building mashed applications
- Log access to SaaS Applications
- Control information while using SaaS Applications

1 Extend Enterprise Security to the Cloud

Need to… / Solution
- Provision users to SaaS Applications (SFDC, Google, etc): CA Identity Manager
- SSO (SAML-based) & Access Control to SaaS Applications: CA SiteMinder, CA Federation Manager
- Access Control to Cloud-based Web Services for building mashed applications: CA SOA Security Manager
- Log access to SaaS Applications: CA Enterprise Log Manager
- Control information while using SaaS Applications: CA DLP

2 Security to enable Cloud Providers

- Enterprises providing private clouds & Organizations providing public clouds
- Security improvements needed to become more trusted
  - Need to provide effective security controls
  - Need to prove their controls through real time reporting
  - Increase transparency of policies

[Diagram labels: Enterprise Private Cloud: App 1, App 2, App 3, Hypervisor, Hardware, IAM. Public Cloud: App 1 (Customer 1), App 1 (Customer 2), App 2 (Customer n), App 3, Hypervisor, Hardware, IAM]

2 Entire CA IAM Solution for the Cloud
The control you need to confidently drive business forward

Control Identities
- Focus: Manage and govern identities and what they can access based on their role
- Products: CA Role & Compliance Mgr, CA Identity Manager, CA Enterprise Log Manager

Control Access
- Focus: Control access to systems & applications across physical, virtual & cloud environments
- Products: CA Access Control, CA SiteMinder, CA Federation Manager, CA SOA Security Manager

Control Information
- Focus: Find, classify and control how information is used based on content and identity
- Products: CA DLP

Content Aware Identity and Access Management

2 Security to enable Cloud Providers
Support Virtualization & extend control to the hypervisor


— Support Virtualization
     −  Secure Virtual Machines
     −  Log Collection from Virtual Machines
     −  Secure Privileged Partitions
— Manage Complexity
     −  Deployment (Security encapsulation)
     −  Automation
     −  Extend Policy Management
— Repeatable Compliance
     −  Control Identities, Access and Information
     −  Transparency of Access and Logs
     −  Cloud-Provider specific compliance requirements (e.g. SAS-70)

3 Security from the Cloud
Identity Services from the Cloud

- Eventually even user Identity (proofing, authentication, authorization/SSO, provisioning…) can be managed by a Cloud Service
- Trust will be very different
  - User to Cloud security service

[Diagram labels: Cloud IM Service “Identity Provider”; Enterprise; Corporate Directory “Identity Provider”; IAM App; User; In-house Applications; Public; Remote user; Dir (x3)]

Cloud Adoption & IAM



1. Extend Enterprise Security To the Cloud
2. Security For Cloud Providers
3. Security From the Cloud

Q&A

oded.tsur@ca.com

Oded Tsur - Ca Cloud Security

  • 1. Security management to, for, and from the cloud: CA’s Cloud Security Capabilities & Strategy. Oded Tsur, CISSP, Sr. Solution Strategist
  • 2. Cloud - Next Wave of IT Architectures. Copyright © 2010 CA. All rights reserved.
  • 3. Many Have Adopted Some Cloud Services; Some Have Adopted Many Cloud Services. Source: Security of Cloud Computing Users – A Study of US & EMEA IT Practitioners, Ponemon Institute, May 12, 2010, http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf
  • 4. Why Adopt the Cloud? To Save $ & Time. (Source: Ponemon Institute study cited on slide 3.)
  • 5. Who is Responsible For Security? (Source: Ponemon Institute study cited on slide 3.)
  • 6. Do You Know Your Cloud Services? (Source: Ponemon Institute study cited on slide 3.)
  • 7. IAM is #1 Area of Focus for Migration. (Source: Ponemon Institute study cited on slide 3.)
  • 8. What is the Cloud? SaaS, PaaS, IaaS; Public Cloud, Hybrid Cloud, Private Cloud.
  • 9. Identity & Access Management - Defined
      - Diagram labels: Many identities, many users, many applications, many admins; Security Policy; Reduced identities; Centralized administration
      - Benefits listed: easier administration; single sign-on; centralized security; reduced admin costs; reduced costs; user self-service; easier app dev; consistent admin across platforms; improved auditing for easier compliance; automation of IT processes
  • 11. Unstructured Physical Boundaries
      - VM mobility beyond the server room
          - VMs can be copied or cloned
          - Machine memory is accessible from the host
          - Disk space can be accessed from storage
      - Challenging physical security
          - Copying a VM = stealing a server from the server room
          - The virtual DC is distributed; it is not a mainframe
  • 12. The 4th Dimension - Time
      - What happens when we revert to a snapshot?
          - LOST audit events
          - LOST configuration
          - LOST security policy
      - Am I still compliant with my policy?
  • 13. Cloud Model Drives Security Implications: Control vs. Visibility. Diagram from Burton Group report, Cloud Computing Security in the Enterprise, July 2009.
  • 14. Cloud Model Drives Security Implications: Private Clouds are a Modern Form of Dedicated IT? (Same Burton Group diagram.)
  • 15. Cloud Model Drives Security Implications: How do I manage my users’ SaaS accounts & their access? How do I collect & analyze SaaS security logs? (Same Burton Group diagram.)
  • 16. Cloud Model Drives Security Implications: How do I define & enforce access policies in PaaS applications without creating more security silos? (Same Burton Group diagram.)
  • 17. Cloud Model Drives Security Implications: How do I control privileged users in IaaS…both theirs & ours? (Same Burton Group diagram.)
  • 18. IAM & Trust Before Cloud
      - Trust established between the user & enterprise
          - Or between user & each application when applications are siloed
      - IAM is deployed on-premise
      - Diagram labels: Enterprise; Corporate Directory ("Identity Provider"); IAM; In-house Applications; User; Public; Remote user
  • 19. Cloud Adoption & IAM
      - 1. Extend Enterprise Security To the Cloud
      - 2. Security For Cloud Providers
      - 3. Security From the Cloud
      - Trust Models Will Need to Change
  • 20. (1) Extend Enterprise Security to the Cloud
      - Enterprises will use more SaaS applications & Cloud services
      - Trust model will be between user & enterprise
      - The On-Premise IAM system “extends” out to the Cloud
          - Provisioning and SSO to SaaS Applications
          - Cloud Web Services for Mashing Applications
          - Access Governance (certification & attestation) extends to Cloud
          - Log Collection of Cloud applications
      - Diagram labels: Public; Remote user; Enterprise LAN; Corporate Directory (“Identity Provider”); IAM; User; Dir
  • 21. (1) Extend Enterprise Security to the Cloud. Need to…
      - Provision users to SaaS Applications (SFDC, Google, etc.)
      - SSO (SAML-based) & Access Control to SaaS Applications
      - Access Control to Cloud-based Web Services for building mashed applications
      - Log access to SaaS Applications
      - Control information while using SaaS Applications
  • 22. (1) Extend Enterprise Security to the Cloud. Need to… / Solution
      - Provision users to SaaS Applications (SFDC, Google, etc.): CA Identity Manager
      - SSO (SAML-based) & Access Control to SaaS Applications: CA SiteMinder, CA Federation Manager
      - Access Control to Cloud-based Web Services for building mashed applications: CA SOA Security Manager
      - Log access to SaaS Applications: CA Enterprise Log Manager
      - Control information while using SaaS Applications: CA DLP
  • 23. (2) Security to enable Cloud Providers
      - Enterprises providing private clouds & organizations providing public clouds
      - Security improvements needed to become more trusted
          - Need to provide effective security controls
          - Need to prove their controls through real-time reporting
          - Increase transparency of policies
      - Diagram labels: Public Cloud (Customer 1, Customer 2, Customer n; App 1, App 2, App 3); Enterprise Private Cloud (App 1, App 2, App 3); Hypervisor; Hardware; IAM
  • 24. (2) Entire CA IAM Solution for the Cloud: The control you need to confidently drive business forward
      - Control Identities: manage and govern identities and what they can access based on their role
      - Control Access: control access to systems & applications across physical, virtual & cloud environments
      - Control Information: find, classify and control how information is used based on content and identity
      - Products: CA Role & Compliance Mgr, CA Identity Manager, CA Access Control, CA SiteMinder, CA Federation Manager, CA SOA Security Manager, CA DLP, CA Enterprise Log Manager
      - Content Aware Identity and Access Management
  • 25. (2) Security to enable Cloud Providers: Support Virtualization & extend control to the hypervisor
      - Support Virtualization
          - Secure Virtual Machines
          - Log Collection from Virtual Machines
          - Secure Privileged Partitions
      - Manage Complexity
          - Deployment (Security encapsulation)
          - Automation
          - Extend Policy Management
      - Repeatable Compliance
          - Control Identities, Access and Information
          - Transparency of Access and Logs
          - Cloud-Provider specific compliance requirements (e.g. SAS-70)
  • 26. (3) Security from the Cloud: Identity Services from the Cloud
      - Eventually even user Identity (proofing, authentication, authorization/SSO, provisioning…) can be managed by a Cloud Service
      - Trust will be very different
          - User to Cloud security service
      - Diagram labels: Cloud IM Service (“Identity Provider”); Public; Remote user; Enterprise; Corporate Directory (“Identity Provider”); IAM; App; User; Dir; In-house Applications
  • 27. Cloud Adoption & IAM
      - 1. Extend Enterprise Security To the Cloud
      - 2. Security For Cloud Providers
      - 3. Security From the Cloud
  • 28. Q&A. oded.tsur@ca.com