SlideShare a Scribd company logo

Regulatory compliant cloud computing rethinking web application architectures for the cloud by arshad noor, cto strong auth

Khazret Sapenov
Khazret Sapenov
1 of 44
A web-application architecture for Secure Cloud Computing Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 1
In the beginning... ● Your data-center ● Your mainframe or mini-computer Internal Internal Network Operations ● Your network ● Your Operations staff ● Your single-tiered, App CCN PIN monolithic applications DB KM OS Hardware Company Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 2
The PC-LAN ● Your data-center ● Your PC server ● Your PC client Internal Internal Network Operations ● Your network ● Your firewall ● Your Operations staff DB KM App CCN PIN OS OS ● Your two-tiered, Hardware Hardware client-server applications Company Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 3
The WWW ● Your data-center ● Your PC servers ● Your network ● Your firewall Internal Internal Network Operations ● Your Operations staff ● Your three-tiered, web applications DB KM AppSrv CCN PIN OS OS Hardware Hardware I Browser OS Hardware Company Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 4
The Public Cloud ● Cloud Service Provider's CSP CSP (CSP) data-center Network Operations ● CSP's hardware ● CSP's Hypervisor App CSP's Network CCN PIN ● DB KM ? ? ? ? OS ● CSP's Operations staff Hypervisor Hardware ● Unknown guests in VMs CSP Perimeter ● Your applications and data? Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 5
EKM in the Public Cloud? CSP CSP Network Operations Internal Internal Network Operations App CCN PIN LAN HSM DB OS ? ? ? ? Hypervisor Company Perimeter Hardware CSP Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 6
EKM with SaaS? SaaS Application Users SaaS SaaS Network Operations I Web Application EKMI VPN API ? ? ? ? ? Internal OS Operations Hardware Company Perimeter SaaS Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 7
What's missing? ● Methodology to use the Cloud without being vulnerable ● Controls to ensure that neither CSP nor attacker can compromise your data Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 8
The Paradigm Shift Regulatory Compliant Cloud Computing (RC3) Architecture to secure data in the Cloud with proof of compliance. Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 9
RC3 Characteristics 1) Data-classification 2) Separate processing zones 3) Encryption Key Management Infrastructure Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 10
RC3 Data Classification ● Class-1 – Sensitive and regulated data – SSN, CCN, ACH, Medical, etc. ● Class-2 – Sensitive but unregulated data – Application Credentials, Salaries, Sales figures, etc. ● Class-3 – Non-sensitive data Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 11
Data – Before RC3 Employee EID 12345 Class-1 data SSN 111-22-3333 Firstname John Lastname Doe HireDate 01/01/2011 Class-2 data Supervisor 23456 Salary 55000 Location 123 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 12
Data – After RC3 Employee EID 12345 SSN 9999000000003912 Firstname 9999000000005126 Class-3 data Lastname 9999000000005127 HireDate 01/01/2011 Supervisor 23456 Salary 9999000000007184 Location 123 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 13
Another way – After RC3 Employee EID 12345 RC3Data 9999000000001212 <EmployeeRC3Data> HireDate 01/01/2011 <SSN>111-22-3333</SSN> <Firstname>John</Firstname> Supervisor 23456 <Lastname>Doe</Lastname> <Salary>55000</Salary> Location 123 </EmployeeRC3Data> ,,,, Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 14
Data – Before RC3 Bank Account AID 12345678 Firstname Jane Class-2 data Lastname Smith SSN 111-22-4444 Class-1 data BranchID 123 AccountType 1 DateOpened 02/02/2012 Balance 794.25 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 15
Data – After RC3 Bank Account AID 9999000000023745 Firstname 9999000000071847 Lastname 9999000000071849 Class-3 data SSN 9999000000088764 BranchID 123 AccountType 1 DateOpened 02/02/2012 Balance 794.25 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 16
Another way – After RC3 Bank Account AID 9999000000023745 RC3Data 9999000000026458 <BankAccountRC3Data> BranchID 123 <SSN>111-22-4444</SSN> AccountType 1 <Firstname>Jane</Firstname> <Lastname>Smith</Lastname> DateOpened 02/02/2012 </BankAccountRC3Data> Balance 794.25 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 17
Data – Before RC3 Patient PID 1234567 SSN 111-222-5555 Firstname John Lastname Smith Class-2 data Gender M DateOfBirth 03/03/1953 Class-1 data BloodType O+ .... Blood Report PID 1234567 Class-2 data ReportDate 04/04/2012 RBC 5.1 Class-1 data WBC 7.5 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 18
Data – After RC3 Patient PID 9999000000023745 SSN 9999000000057599 Firstname 9999000000045910 Lastname 9999000000045911 Gender M Class-3 data DateOfBirth 03/03/1953 BloodType O+ .... Blood Report PID 9999000000023745 ReportDate 04/04/2012 RBC 5.1 WBC 7.5 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 19
Another way – After RC3 Patient PID 9999000000023745 RC3Data 9999000000079921 Gender M DateOfBirth 03/03/1953 <PatientRC3Data> BloodType O+ <SSN>111-22-5555</SSN> <Firstname>John</Firstname> .... <Lastname>Smith</Lastname> </PatientRC3Data> Blood Report PID 9999000000023745 ReportDate 04/04/2012 RBC 5.1 WBC 7.5 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 20
Yet another way – After RC3 Patient PID 9999000000023745 RC3Data 9999000000079921 BloodType O+ .... <PatientRC3Data> <SSN>111-22-5555</SSN> <Firstname>John</Firstname> <Lastname>Smith</Lastname> <Gender>M</Gender> <DOB>03/03/1953</DOB> </PatientRC3Data> Blood Report PID 9999000000023745 ReportDate 04/04/2012 RBC 5.1 WBC 7.5 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 21
RC3 Zones ● Regulated Zone (Secure Zone) – Class-1 and Class-2 data-processing & storage – Enterprise Key Management Infrastructure (EKMI) ● Cloud Zone (Public Zone) – Class-3 data-processing & storage – Can, optionally, store C1/C2 tokens (C3-equivalent) – NO CRYPTOGRAPHY – NO IDENTITY MANAGEMENT SYSTEM – NO INBOUND CONNECTION TO REGULATED ZONE Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 22
WEB-APPLICATION MODEL Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 23
Basic web application Transaction Confirmation 2 Web Application Server Web-site Customer Details 1 Product Details Shipping Details Payment Details Company Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 24
With Redirection Company Perimeter Transaction Confirmation 4 Web Application Server Customer Details Product Details Shipping Details 1 Payment Confirmation 3 2 Payment Details Payment Processor Payment Processor Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 25
SECURE CLOUD COMPUTING FOR E-COMMERCE RC3 MODEL Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 26
E-COMMERCE - 1 Cloud Zone WebApp Web IAM 1 Application Authentication Credentials Regulated Zone Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 27
E-COMMERCE - 2 Cloud Zone WebApp 2 Session Token Web 2 Application Session Token Regulated Zone Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 28
E-COMMERCE - 3 Cloud Zone Customer ID Address Order Detail WebApp Session Token 3 Customer ID Address Order Detail Web Application Regulated Zone Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 29
E-COMMERCE - 4 Cloud Zone Customer ID Address Order Detail WebApp 4 Web Session Token Application Customer ID Name Credit Card Number Card Expiry Date Regulated Zone Card Verification Value Amount Phone E-mail address Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 30
E-COMMERCE - 5 Cloud Zone Customer ID Address CCN Name Order Detail WebApp 5 CCN Web Application Regulated Zone Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 31
E-COMMERCE - 6 Cloud Zone Customer ID Address CCN Name Order Detail WebApp Token 6 Web Application Regulated Zone Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 32
E-COMMERCE - 7 Cloud Zone Customer ID Address CCN Name Order Detail WebApp Token 7 Token Web Application Regulated Zone Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 33
FULL TRANSACTION Cloud Zone Customer ID Address CCN Name Order Detail WebApp Token 7 Token Session Token 3 Customer ID 5 CCN Token 6 Address Order Detail 4 Web Session Token Application Customer ID Name Credit Card Number Card Expiry Date Regulated Zone Card Verification Value Amount Phone E-mail address Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 34
HOW DO YOU TRANSITION TO RC3? Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 35
RC3 in the Enterprise Public Zone Customer ID CCN Name Web Address Application Order Detail Token Token 7 Session Token 3 Customer ID 5 CCN Token 6 Address Order Detail Session Token Web Customer ID Name Application Credit Card Number Card Expiry Date Card Verification Value Amount Regulated Zone Phone E-mail address 4 Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 36
RC3 in Private Clouds Cloud Zone o p e n ta c k s Customer ID CCN Name Address Order Detail WebApp Token Token 7 Session Token 3 Customer ID 5 CCN Token 6 Address Order Detail Session Token Web Customer ID Name Application Credit Card Number Card Expiry Date Card Verification Value Amount Regulated Zone Phone E-mail address 4 Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 37
RC3 in Public Clouds Cloud Zone Customer ID Address CCN Name Order Detail WebApp Token 7 Token Session Token 3 Customer ID 5 CCN Token 6 Address Order Detail 4 Web Session Token Application Customer ID Name Credit Card Number Card Expiry Date Regulated Zone Card Verification Value Amount Phone E-mail address Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 38
RC3 rules for the Cloud ● Do NOT store/use cryptographic keys in the Cloud ● Do NOT store/use plaintext sensitive data in the Cloud ● Do NOT store credentials to anything in the Cloud ● Do NOT use CSP-supplied cryptographic keys ● DO change your Server SSL keys very frequently ● DO consider digitally signing/verifying Cloud data in the Regulated Zone ● Assume the worst (that your applications and data are operating on the open internet) and design for it Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 39
Resources ● Regulatory Compliant Cloud Computing (RC3) – http://www.ibm.com/developerworks/cloud/library/cl-regcloud/index.html – http://www.infoq.com/articles/regulatory-compliant-cloud-computing – http://bit.ly/rc3issa ● Cryptographic engine (enables RC3 applications) – http://www.cryptoengine.org ● CryptoCabinet (RC3 sample application) – http://www.cryptocabinet.org Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 40
RC3 Application Demo 1 5 Local PC 2 3 4 LDAP Corporate Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 41
RC3 Case Study ● Document-management e-commerce company in US ● Serving financial, health-care and legal markets ● Private Cloud ● Millions of documents – Sizes ranging from a few kilobytes to gigabytes ● Needed PCI-DSS level security ● Needed automatic ramp-up/ramp-down capability Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 42
RC3 Case Study Web Portal .... Corporate Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 43
Questions? ● Contact Information – Arshad Noor – arshad.noor@strongauth.com – +1 (408) 331-2001 Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 44

Recommended

Network Virtualization in Windows Server 2012
Network Virtualization in Windows Server 2012Network Virtualization in Windows Server 2012
Network Virtualization in Windows Server 2012Lai Yoong Seng
 
Cloud Connect
Cloud ConnectCloud Connect
Cloud Connectctrlsblog
 
OpenFlow Beyond the Data Centre at IP Expo
OpenFlow Beyond the Data Centre at IP ExpoOpenFlow Beyond the Data Centre at IP Expo
OpenFlow Beyond the Data Centre at IP ExpoADVA
 
Open Programmable Architecture for Java-enabled Network Devices
Open Programmable Architecture for Java-enabled Network DevicesOpen Programmable Architecture for Java-enabled Network Devices
Open Programmable Architecture for Java-enabled Network DevicesTal Lavian Ph.D.
 
White Paper: Six-Step Competitive Device Evaluation
White Paper: Six-Step Competitive Device EvaluationWhite Paper: Six-Step Competitive Device Evaluation
White Paper: Six-Step Competitive Device EvaluationIxia
 
BreakingPoint Resiliency Score Data Sheet
BreakingPoint Resiliency Score Data SheetBreakingPoint Resiliency Score Data Sheet
BreakingPoint Resiliency Score Data SheetIxia
 
The Enterprise Cloud: Immediate. Urgent. Inevitable.
The Enterprise Cloud: Immediate. Urgent. Inevitable.The Enterprise Cloud: Immediate. Urgent. Inevitable.
The Enterprise Cloud: Immediate. Urgent. Inevitable.Peter Coffee
 
[SOS 2009] D-Link: Red Segura L2 L3
[SOS 2009] D-Link: Red Segura L2 L3[SOS 2009] D-Link: Red Segura L2 L3
[SOS 2009] D-Link: Red Segura L2 L3Chema Alonso
 

Recommended

Network Virtualization in Windows Server 2012
Network Virtualization in Windows Server 2012Network Virtualization in Windows Server 2012
Network Virtualization in Windows Server 2012Lai Yoong Seng
 
Cloud Connect
Cloud ConnectCloud Connect
Cloud Connectctrlsblog
 
OpenFlow Beyond the Data Centre at IP Expo
OpenFlow Beyond the Data Centre at IP ExpoOpenFlow Beyond the Data Centre at IP Expo
OpenFlow Beyond the Data Centre at IP ExpoADVA
 
Open Programmable Architecture for Java-enabled Network Devices
Open Programmable Architecture for Java-enabled Network DevicesOpen Programmable Architecture for Java-enabled Network Devices
Open Programmable Architecture for Java-enabled Network DevicesTal Lavian Ph.D.
 
White Paper: Six-Step Competitive Device Evaluation
White Paper: Six-Step Competitive Device EvaluationWhite Paper: Six-Step Competitive Device Evaluation
White Paper: Six-Step Competitive Device EvaluationIxia
 
BreakingPoint Resiliency Score Data Sheet
BreakingPoint Resiliency Score Data SheetBreakingPoint Resiliency Score Data Sheet
BreakingPoint Resiliency Score Data SheetIxia
 
The Enterprise Cloud: Immediate. Urgent. Inevitable.
The Enterprise Cloud: Immediate. Urgent. Inevitable.The Enterprise Cloud: Immediate. Urgent. Inevitable.
The Enterprise Cloud: Immediate. Urgent. Inevitable.Peter Coffee
 
[SOS 2009] D-Link: Red Segura L2 L3
[SOS 2009] D-Link: Red Segura L2 L3[SOS 2009] D-Link: Red Segura L2 L3
[SOS 2009] D-Link: Red Segura L2 L3Chema Alonso
 
The Guardian
The GuardianThe Guardian
The GuardianAl Asbab FZ LLC
 
What is-your-network-riding-on
What is-your-network-riding-onWhat is-your-network-riding-on
What is-your-network-riding-onInternap
 
Track 3 - next generation computing
Track 3 - next generation computingTrack 3 - next generation computing
Track 3 - next generation computingEMC Forum India
 
Minicom in the Data Center
Minicom in the Data CenterMinicom in the Data Center
Minicom in the Data Centerdavidzucker
 
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...scarisbrick
 
Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011chaucheckpoint
 
Jvvnl 071108
Jvvnl 071108Jvvnl 071108
Jvvnl 071108amanmadhok
 
Ap 622 ss 0112_chv4
Ap 622 ss 0112_chv4Ap 622 ss 0112_chv4
Ap 622 ss 0112_chv4Advantec Distribution
 
Ixia anue maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsetsIxia anue maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsetsresponsedatacomms
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
Ap621 spec sheet
Ap621 spec sheetAp621 spec sheet
Ap621 spec sheetAdvantec Distribution
 
AP6522 Specification Sheet
AP6522 Specification SheetAP6522 Specification Sheet
AP6522 Specification SheetAdvantec Distribution
 
What is a virtual tap?
What is a virtual tap?What is a virtual tap?
What is a virtual tap?LiveAction Next Generation Network Management Software
 
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...Novell
 
Secure Multi Tenancy In the Cloud
Secure Multi Tenancy In the CloudSecure Multi Tenancy In the Cloud
Secure Multi Tenancy In the CloudRoger Xia
 
BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.Michal Jarski
 
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...Novell
 
Cloud computing and web processing services
Cloud computing and web processing servicesCloud computing and web processing services
Cloud computing and web processing servicesGasperi Jerome
 
times_2
times_2times_2
times_2Bryan Scott Dugan
 
Monter unprojet
Monter unprojetMonter unprojet
Monter unprojetrostand1985
 
CV
CVCV
CVMichael Garfoot
 
La competencia como organizadora de los programas de
La competencia como organizadora de los programas deLa competencia como organizadora de los programas de
La competencia como organizadora de los programas deDaniela Abarca
 

More Related Content

What's hot

What is-your-network-riding-on
What is-your-network-riding-onWhat is-your-network-riding-on
What is-your-network-riding-onInternap
 
Track 3 - next generation computing
Track 3 - next generation computingTrack 3 - next generation computing
Track 3 - next generation computingEMC Forum India
 
Minicom in the Data Center
Minicom in the Data CenterMinicom in the Data Center
Minicom in the Data Centerdavidzucker
 
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...scarisbrick
 
Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011chaucheckpoint
 
Ixia anue maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsetsIxia anue maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsetsresponsedatacomms
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...Novell
 
Secure Multi Tenancy In the Cloud
Secure Multi Tenancy In the CloudSecure Multi Tenancy In the Cloud
Secure Multi Tenancy In the CloudRoger Xia
 
BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.Michal Jarski
 
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...Novell
 

What's hot (17)

The Guardian
The GuardianThe Guardian
The Guardian
 
What is-your-network-riding-on
What is-your-network-riding-onWhat is-your-network-riding-on
What is-your-network-riding-on
 
Track 3 - next generation computing
Track 3 - next generation computingTrack 3 - next generation computing
Track 3 - next generation computing
 
Minicom in the Data Center
Minicom in the Data CenterMinicom in the Data Center
Minicom in the Data Center
 
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...
 
Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011
 
Jvvnl 071108
Jvvnl 071108Jvvnl 071108
Jvvnl 071108
 
Ap 622 ss 0112_chv4
Ap 622 ss 0112_chv4Ap 622 ss 0112_chv4
Ap 622 ss 0112_chv4
 
Ixia anue maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsetsIxia anue maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsets
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data Center
 
Ap621 spec sheet
Ap621 spec sheetAp621 spec sheet
Ap621 spec sheet
 
AP6522 Specification Sheet
AP6522 Specification SheetAP6522 Specification Sheet
AP6522 Specification Sheet
 
What is a virtual tap?
What is a virtual tap?What is a virtual tap?
What is a virtual tap?
 
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
 
Secure Multi Tenancy In the Cloud
Secure Multi Tenancy In the CloudSecure Multi Tenancy In the Cloud
Secure Multi Tenancy In the Cloud
 
BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.
 
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
 

Viewers also liked

Cloud computing and web processing services
Cloud computing and web processing servicesCloud computing and web processing services
Cloud computing and web processing servicesGasperi Jerome
 
La competencia como organizadora de los programas de
La competencia como organizadora de los programas deLa competencia como organizadora de los programas de
La competencia como organizadora de los programas deDaniela Abarca
 
Feedback from Sessions
Feedback from SessionsFeedback from Sessions
Feedback from SessionsChris Overhoff
 
Unidad 1 conflicto de la educación
Unidad 1 conflicto de la educaciónUnidad 1 conflicto de la educación
Unidad 1 conflicto de la educaciónDaniela Abarca
 
Curriculum Vitae-Theodore Danker
Curriculum Vitae-Theodore DankerCurriculum Vitae-Theodore Danker
Curriculum Vitae-Theodore DankerTheodore Danker
 
Clould Computing and its application in Libraries
Clould Computing and its application in LibrariesClould Computing and its application in Libraries
Clould Computing and its application in LibrariesAmit Shaw
 

Viewers also liked (12)

Cloud computing and web processing services
Cloud computing and web processing servicesCloud computing and web processing services
Cloud computing and web processing services
 
times_2
times_2times_2
times_2
 
Monter unprojet
Monter unprojetMonter unprojet
Monter unprojet
 
CV
CVCV
CV
 
La competencia como organizadora de los programas de
La competencia como organizadora de los programas deLa competencia como organizadora de los programas de
La competencia como organizadora de los programas de
 
050
050050
050
 
Unidad 3
Unidad 3Unidad 3
Unidad 3
 
Feedback from Sessions
Feedback from SessionsFeedback from Sessions
Feedback from Sessions
 
Unidad 1 conflicto de la educación
Unidad 1 conflicto de la educaciónUnidad 1 conflicto de la educación
Unidad 1 conflicto de la educación
 
Pechakucha
PechakuchaPechakucha
Pechakucha
 
Curriculum Vitae-Theodore Danker
Curriculum Vitae-Theodore DankerCurriculum Vitae-Theodore Danker
Curriculum Vitae-Theodore Danker
 
Clould Computing and its application in Libraries
Clould Computing and its application in LibrariesClould Computing and its application in Libraries
Clould Computing and its application in Libraries
 

Similar to Regulatory compliant cloud computing rethinking web application architectures for the cloud by arshad noor, cto strong auth

Microsoft Best Practices - AWS India Summit 2012
Microsoft Best Practices - AWS India Summit 2012Microsoft Best Practices - AWS India Summit 2012
Microsoft Best Practices - AWS India Summit 2012Amazon Web Services
 
Smart Clouds for Smart Companies
Smart Clouds for Smart CompaniesSmart Clouds for Smart Companies
Smart Clouds for Smart CompaniesPeter Coffee
 
透過電腦視覺與人工智慧創造物聯網新價值
透過電腦視覺與人工智慧創造物聯網新價值透過電腦視覺與人工智慧創造物聯網新價值
透過電腦視覺與人工智慧創造物聯網新價值John Chang
 
Operating the Hyperscale Cloud
Operating the Hyperscale CloudOperating the Hyperscale Cloud
Operating the Hyperscale CloudOpen Stack
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSDeploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSAmazon Web Services
 
Quick Introduction to Gearman
Quick Introduction to GearmanQuick Introduction to Gearman
Quick Introduction to GearmanGiuseppe Maxia
 
End User Computing &amp; Server Licensing Slides - Nhs Microsoft Licensing Wo...
End User Computing &amp; Server Licensing Slides - Nhs Microsoft Licensing Wo...End User Computing &amp; Server Licensing Slides - Nhs Microsoft Licensing Wo...
End User Computing &amp; Server Licensing Slides - Nhs Microsoft Licensing Wo...Charlie78horse
 
RTI Data-Distribution Service (DDS) Master Class - 2010
RTI Data-Distribution Service (DDS) Master Class - 2010RTI Data-Distribution Service (DDS) Master Class - 2010
RTI Data-Distribution Service (DDS) Master Class - 2010Gerardo Pardo-Castellote
 
Smartronix - Building Secure Applications on the AWS Cloud
Smartronix - Building Secure Applications on the AWS CloudSmartronix - Building Secure Applications on the AWS Cloud
Smartronix - Building Secure Applications on the AWS CloudAmazon Web Services
 
Joyent Cloud Data Sheet
Joyent Cloud Data SheetJoyent Cloud Data Sheet
Joyent Cloud Data SheetScott Herson
 
Citrix - More Applications, More Security, More Availability
Citrix - More Applications, More Security, More AvailabilityCitrix - More Applications, More Security, More Availability
Citrix - More Applications, More Security, More Availabilitydataplex systems limited
 
“Introducing the Kria Robotics Starter Kit: Robotics and Machine Vision for S...
“Introducing the Kria Robotics Starter Kit: Robotics and Machine Vision for S...“Introducing the Kria Robotics Starter Kit: Robotics and Machine Vision for S...
“Introducing the Kria Robotics Starter Kit: Robotics and Machine Vision for S...Edge AI and Vision Alliance
 
Ixia anue maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsetsIxia anue maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsetsresponsedatacomms
 

Similar to Regulatory compliant cloud computing rethinking web application architectures for the cloud by arshad noor, cto strong auth (20)

Embrace private cloud with confidence
Embrace private cloud with confidenceEmbrace private cloud with confidence
Embrace private cloud with confidence
 
Microsoft Best Practices - AWS India Summit 2012
Microsoft Best Practices - AWS India Summit 2012Microsoft Best Practices - AWS India Summit 2012
Microsoft Best Practices - AWS India Summit 2012
 
NFV SDN for carriers
NFV SDN for carriersNFV SDN for carriers
NFV SDN for carriers
 
QualysGuard InfoDay 2012 - QualysGuard Suite 7.0
QualysGuard InfoDay 2012 - QualysGuard Suite 7.0QualysGuard InfoDay 2012 - QualysGuard Suite 7.0
QualysGuard InfoDay 2012 - QualysGuard Suite 7.0
 
Smart Clouds for Smart Companies
Smart Clouds for Smart CompaniesSmart Clouds for Smart Companies
Smart Clouds for Smart Companies
 
The SDN Opportunity
The SDN OpportunityThe SDN Opportunity
The SDN Opportunity
 
透過電腦視覺與人工智慧創造物聯網新價值
透過電腦視覺與人工智慧創造物聯網新價值透過電腦視覺與人工智慧創造物聯網新價值
透過電腦視覺與人工智慧創造物聯網新價值
 
Operating the Hyperscale Cloud
Operating the Hyperscale CloudOperating the Hyperscale Cloud
Operating the Hyperscale Cloud
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSDeploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWS
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Quick Introduction to Gearman
Quick Introduction to GearmanQuick Introduction to Gearman
Quick Introduction to Gearman
 
End User Computing &amp; Server Licensing Slides - Nhs Microsoft Licensing Wo...
End User Computing &amp; Server Licensing Slides - Nhs Microsoft Licensing Wo...End User Computing &amp; Server Licensing Slides - Nhs Microsoft Licensing Wo...
End User Computing &amp; Server Licensing Slides - Nhs Microsoft Licensing Wo...
 
DirectAccess
DirectAccessDirectAccess
DirectAccess
 
RTI Data-Distribution Service (DDS) Master Class - 2010
RTI Data-Distribution Service (DDS) Master Class - 2010RTI Data-Distribution Service (DDS) Master Class - 2010
RTI Data-Distribution Service (DDS) Master Class - 2010
 
Smartronix - Building Secure Applications on the AWS Cloud
Smartronix - Building Secure Applications on the AWS CloudSmartronix - Building Secure Applications on the AWS Cloud
Smartronix - Building Secure Applications on the AWS Cloud
 
Joyent Cloud Data Sheet
Joyent Cloud Data SheetJoyent Cloud Data Sheet
Joyent Cloud Data Sheet
 
Citrix - More Applications, More Security, More Availability
Citrix - More Applications, More Security, More AvailabilityCitrix - More Applications, More Security, More Availability
Citrix - More Applications, More Security, More Availability
 
“Introducing the Kria Robotics Starter Kit: Robotics and Machine Vision for S...
“Introducing the Kria Robotics Starter Kit: Robotics and Machine Vision for S...“Introducing the Kria Robotics Starter Kit: Robotics and Machine Vision for S...
“Introducing the Kria Robotics Starter Kit: Robotics and Machine Vision for S...
 
Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise
 
Ixia anue maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsetsIxia anue maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsets
 

More from Khazret Sapenov

V mware evolutionary cloud 12 2012
V mware evolutionary cloud 12 2012V mware evolutionary cloud 12 2012
V mware evolutionary cloud 12 2012Khazret Sapenov
 
Virtual sharp cloud aware bc dr up 2012 cloud
Virtual sharp cloud aware bc dr up 2012 cloudVirtual sharp cloud aware bc dr up 2012 cloud
Virtual sharp cloud aware bc dr up 2012 cloudKhazret Sapenov
 
Up2012edit daniel chalef
Up2012edit daniel chalefUp2012edit daniel chalef
Up2012edit daniel chalefKhazret Sapenov
 
Up2012 scaling my sql in the cloud by moshe shadmon, founder, cto scaledb
Up2012 scaling my sql in the cloud by moshe shadmon, founder, cto scaledbUp2012 scaling my sql in the cloud by moshe shadmon, founder, cto scaledb
Up2012 scaling my sql in the cloud by moshe shadmon, founder, cto scaledbKhazret Sapenov
 
Up 2012 smart cloud presentation_final
Up 2012 smart cloud presentation_finalUp 2012 smart cloud presentation_final
Up 2012 smart cloud presentation_finalKhazret Sapenov
 
Up 2012 wally mac dermid - final
Up 2012 wally mac dermid - finalUp 2012 wally mac dermid - final
Up 2012 wally mac dermid - finalKhazret Sapenov
 
Up 2012 dave jilk - multi-tenancy in paa s (distribution version)
Up 2012 dave jilk - multi-tenancy in paa s (distribution version)Up 2012 dave jilk - multi-tenancy in paa s (distribution version)
Up 2012 dave jilk - multi-tenancy in paa s (distribution version)Khazret Sapenov
 
Transverse up cloud 2012 - final
Transverse up cloud 2012 - finalTransverse up cloud 2012 - final
Transverse up cloud 2012 - finalKhazret Sapenov
 
Transforming cloud infrastructure to support big data storage and workflows b...
Transforming cloud infrastructure to support big data storage and workflows b...Transforming cloud infrastructure to support big data storage and workflows b...
Transforming cloud infrastructure to support big data storage and workflows b...Khazret Sapenov
 
The elephantintheroom bigdataanalyticsinthecloud
The elephantintheroom bigdataanalyticsinthecloudThe elephantintheroom bigdataanalyticsinthecloud
The elephantintheroom bigdataanalyticsinthecloudKhazret Sapenov
 
Taking control of bring your own device byod with desktops as a service (daa ...
Taking control of bring your own device byod with desktops as a service (daa ...Taking control of bring your own device byod with desktops as a service (daa ...
Taking control of bring your own device byod with desktops as a service (daa ...Khazret Sapenov
 
Rethink cloud security to get ahead of the risk curve by kurt johnson, vice p...
Rethink cloud security to get ahead of the risk curve by kurt johnson, vice p...Rethink cloud security to get ahead of the risk curve by kurt johnson, vice p...
Rethink cloud security to get ahead of the risk curve by kurt johnson, vice p...Khazret Sapenov
 
Memsql product overview_2013
Memsql product overview_2013Memsql product overview_2013
Memsql product overview_2013Khazret Sapenov
 
Managing application performance for cloud apps bmc
Managing application performance for cloud apps bmcManaging application performance for cloud apps bmc
Managing application performance for cloud apps bmcKhazret Sapenov
 
Glenn solomon up presso d 3.pptx
Glenn solomon up presso d 3.pptxGlenn solomon up presso d 3.pptx
Glenn solomon up presso d 3.pptxKhazret Sapenov
 
Future of cloud up presentation m_dawson
Future of cloud up presentation m_dawsonFuture of cloud up presentation m_dawson
Future of cloud up presentation m_dawsonKhazret Sapenov
 
Efrat ip up con 2012 presentation
Efrat ip up con 2012 presentationEfrat ip up con 2012 presentation
Efrat ip up con 2012 presentationKhazret Sapenov
 
Decentralized cloud an industrial reality with higher resilience by jean-pa...
Decentralized cloud an industrial reality with higher resilience by jean-pa...Decentralized cloud an industrial reality with higher resilience by jean-pa...
Decentralized cloud an industrial reality with higher resilience by jean-pa...Khazret Sapenov
 

More from Khazret Sapenov (20)

V mware evolutionary cloud 12 2012
V mware evolutionary cloud 12 2012V mware evolutionary cloud 12 2012
V mware evolutionary cloud 12 2012
 
Virtual sharp cloud aware bc dr up 2012 cloud
Virtual sharp cloud aware bc dr up 2012 cloudVirtual sharp cloud aware bc dr up 2012 cloud
Virtual sharp cloud aware bc dr up 2012 cloud
 
Up2012edit daniel chalef
Up2012edit daniel chalefUp2012edit daniel chalef
Up2012edit daniel chalef
 
Up2012 scaling my sql in the cloud by moshe shadmon, founder, cto scaledb
Up2012 scaling my sql in the cloud by moshe shadmon, founder, cto scaledbUp2012 scaling my sql in the cloud by moshe shadmon, founder, cto scaledb
Up2012 scaling my sql in the cloud by moshe shadmon, founder, cto scaledb
 
Up 2012 smart cloud presentation_final
Up 2012 smart cloud presentation_finalUp 2012 smart cloud presentation_final
Up 2012 smart cloud presentation_final
 
Up 2012 wally mac dermid - final
Up 2012 wally mac dermid - finalUp 2012 wally mac dermid - final
Up 2012 wally mac dermid - final
 
Up 2012 dave jilk - multi-tenancy in paa s (distribution version)
Up 2012 dave jilk - multi-tenancy in paa s (distribution version)Up 2012 dave jilk - multi-tenancy in paa s (distribution version)
Up 2012 dave jilk - multi-tenancy in paa s (distribution version)
 
Transverse up cloud 2012 - final
Transverse up cloud 2012 - finalTransverse up cloud 2012 - final
Transverse up cloud 2012 - final
 
Transforming cloud infrastructure to support big data storage and workflows b...
Transforming cloud infrastructure to support big data storage and workflows b...Transforming cloud infrastructure to support big data storage and workflows b...
Transforming cloud infrastructure to support big data storage and workflows b...
 
The elephantintheroom bigdataanalyticsinthecloud
The elephantintheroom bigdataanalyticsinthecloudThe elephantintheroom bigdataanalyticsinthecloud
The elephantintheroom bigdataanalyticsinthecloud
 
Taking control of bring your own device byod with desktops as a service (daa ...
Taking control of bring your own device byod with desktops as a service (daa ...Taking control of bring your own device byod with desktops as a service (daa ...
Taking control of bring your own device byod with desktops as a service (daa ...
 
Rethink cloud security to get ahead of the risk curve by kurt johnson, vice p...
Rethink cloud security to get ahead of the risk curve by kurt johnson, vice p...Rethink cloud security to get ahead of the risk curve by kurt johnson, vice p...
Rethink cloud security to get ahead of the risk curve by kurt johnson, vice p...
 
Memsql product overview_2013
Memsql product overview_2013Memsql product overview_2013
Memsql product overview_2013
 
Managing application performance for cloud apps bmc
Managing application performance for cloud apps bmcManaging application performance for cloud apps bmc
Managing application performance for cloud apps bmc
 
Making case up
Making case upMaking case up
Making case up
 
Green qloud up-con
Green qloud up-conGreen qloud up-con
Green qloud up-con
 
Glenn solomon up presso d 3.pptx
Glenn solomon up presso d 3.pptxGlenn solomon up presso d 3.pptx
Glenn solomon up presso d 3.pptx
 
Future of cloud up presentation m_dawson
Future of cloud up presentation m_dawsonFuture of cloud up presentation m_dawson
Future of cloud up presentation m_dawson
 
Efrat ip up con 2012 presentation
Efrat ip up con 2012 presentationEfrat ip up con 2012 presentation
Efrat ip up con 2012 presentation
 
Decentralized cloud an industrial reality with higher resilience by jean-pa...
Decentralized cloud an industrial reality with higher resilience by jean-pa...Decentralized cloud an industrial reality with higher resilience by jean-pa...
Decentralized cloud an industrial reality with higher resilience by jean-pa...
 

Regulatory compliant cloud computing rethinking web application architectures for the cloud by arshad noor, cto strong auth

  • 1. A web-application architecture for Secure Cloud Computing Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 1
  • 2. In the beginning... ● Your data-center ● Your mainframe or mini-computer Internal Internal Network Operations ● Your network ● Your Operations staff ● Your single-tiered, App CCN PIN monolithic applications DB KM OS Hardware Company Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 2
  • 3. The PC-LAN ● Your data-center ● Your PC server ● Your PC client Internal Internal Network Operations ● Your network ● Your firewall ● Your Operations staff DB KM App CCN PIN OS OS ● Your two-tiered, Hardware Hardware client-server applications Company Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 3
  • 4. The WWW ● Your data-center ● Your PC servers ● Your network ● Your firewall Internal Internal Network Operations ● Your Operations staff ● Your three-tiered, web applications DB KM AppSrv CCN PIN OS OS Hardware Hardware I Browser OS Hardware Company Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 4
  • 5. The Public Cloud ● Cloud Service Provider's CSP CSP (CSP) data-center Network Operations ● CSP's hardware ● CSP's Hypervisor App CSP's Network CCN PIN ● DB KM ? ? ? ? OS ● CSP's Operations staff Hypervisor Hardware ● Unknown guests in VMs CSP Perimeter ● Your applications and data? Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 5
  • 6. EKM in the Public Cloud? CSP CSP Network Operations Internal Internal Network Operations App CCN PIN LAN HSM DB OS ? ? ? ? Hypervisor Company Perimeter Hardware CSP Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 6
  • 7. EKM with SaaS? SaaS Application Users SaaS SaaS Network Operations I Web Application EKMI VPN API ? ? ? ? ? Internal OS Operations Hardware Company Perimeter SaaS Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 7
  • 8. What's missing? ● Methodology to use the Cloud without being vulnerable ● Controls to ensure that neither CSP nor attacker can compromise your data Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 8
  • 9. The Paradigm Shift Regulatory Compliant Cloud Computing (RC3) Architecture to secure data in the Cloud with proof of compliance. Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 9
  • 10. RC3 Characteristics 1) Data-classification 2) Separate processing zones 3) Encryption Key Management Infrastructure Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 10
  • 11. RC3 Data Classification ● Class-1 – Sensitive and regulated data – SSN, CCN, ACH, Medical, etc. ● Class-2 – Sensitive but unregulated data – Application Credentials, Salaries, Sales figures, etc. ● Class-3 – Non-sensitive data Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 11
  • 12. Data – Before RC3 Employee EID 12345 Class-1 data SSN 111-22-3333 Firstname John Lastname Doe HireDate 01/01/2011 Class-2 data Supervisor 23456 Salary 55000 Location 123 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 12
  • 13. Data – After RC3 Employee EID 12345 SSN 9999000000003912 Firstname 9999000000005126 Class-3 data Lastname 9999000000005127 HireDate 01/01/2011 Supervisor 23456 Salary 9999000000007184 Location 123 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 13
  • 14. Another way – After RC3 Employee EID 12345 RC3Data 9999000000001212 <EmployeeRC3Data> HireDate 01/01/2011 <SSN>111-22-3333</SSN> <Firstname>John</Firstname> Supervisor 23456 <Lastname>Doe</Lastname> <Salary>55000</Salary> Location 123 </EmployeeRC3Data> ,,,, Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 14
  • 15. Data – Before RC3 Bank Account AID 12345678 Firstname Jane Class-2 data Lastname Smith SSN 111-22-4444 Class-1 data BranchID 123 AccountType 1 DateOpened 02/02/2012 Balance 794.25 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 15
  • 16. Data – After RC3 Bank Account AID 9999000000023745 Firstname 9999000000071847 Lastname 9999000000071849 Class-3 data SSN 9999000000088764 BranchID 123 AccountType 1 DateOpened 02/02/2012 Balance 794.25 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 16
  • 17. Another way – After RC3 Bank Account AID 9999000000023745 RC3Data 9999000000026458 <BankAccountRC3Data> BranchID 123 <SSN>111-22-4444</SSN> AccountType 1 <Firstname>Jane</Firstname> <Lastname>Smith</Lastname> DateOpened 02/02/2012 </BankAccountRC3Data> Balance 794.25 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 17
  • 18. Data – Before RC3 Patient PID 1234567 SSN 111-222-5555 Firstname John Lastname Smith Class-2 data Gender M DateOfBirth 03/03/1953 Class-1 data BloodType O+ .... Blood Report PID 1234567 Class-2 data ReportDate 04/04/2012 RBC 5.1 Class-1 data WBC 7.5 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 18
  • 19. Data – After RC3 Patient PID 9999000000023745 SSN 9999000000057599 Firstname 9999000000045910 Lastname 9999000000045911 Gender M Class-3 data DateOfBirth 03/03/1953 BloodType O+ .... Blood Report PID 9999000000023745 ReportDate 04/04/2012 RBC 5.1 WBC 7.5 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 19
  • 20. Another way – After RC3 Patient PID 9999000000023745 RC3Data 9999000000079921 Gender M DateOfBirth 03/03/1953 <PatientRC3Data> BloodType O+ <SSN>111-22-5555</SSN> <Firstname>John</Firstname> .... <Lastname>Smith</Lastname> </PatientRC3Data> Blood Report PID 9999000000023745 ReportDate 04/04/2012 RBC 5.1 WBC 7.5 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 20
  • 21. Yet another way – After RC3 Patient PID 9999000000023745 RC3Data 9999000000079921 BloodType O+ .... <PatientRC3Data> <SSN>111-22-5555</SSN> <Firstname>John</Firstname> <Lastname>Smith</Lastname> <Gender>M</Gender> <DOB>03/03/1953</DOB> </PatientRC3Data> Blood Report PID 9999000000023745 ReportDate 04/04/2012 RBC 5.1 WBC 7.5 .... Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 21
  • 22. RC3 Zones ● Regulated Zone (Secure Zone) – Class-1 and Class-2 data-processing & storage – Enterprise Key Management Infrastructure (EKMI) ● Cloud Zone (Public Zone) – Class-3 data-processing & storage – Can, optionally, store C1/C2 tokens (C3-equivalent) – NO CRYPTOGRAPHY – NO IDENTITY MANAGEMENT SYSTEM – NO INBOUND CONNECTION TO REGULATED ZONE Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 22
  • 23. WEB-APPLICATION MODEL Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 23
  • 24. Basic web application Transaction Confirmation 2 Web Application Server Web-site Customer Details 1 Product Details Shipping Details Payment Details Company Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 24
  • 25. With Redirection Company Perimeter Transaction Confirmation 4 Web Application Server Customer Details Product Details Shipping Details 1 Payment Confirmation 3 2 Payment Details Payment Processor Payment Processor Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 25
  • 26. SECURE CLOUD COMPUTING FOR E-COMMERCE RC3 MODEL Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 26
  • 27. E-COMMERCE - 1 Cloud Zone WebApp Web IAM 1 Application Authentication Credentials Regulated Zone Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 27
  • 28. E-COMMERCE - 2 Cloud Zone WebApp 2 Session Token Web 2 Application Session Token Regulated Zone Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 28
  • 29. E-COMMERCE - 3 Cloud Zone Customer ID Address Order Detail WebApp Session Token 3 Customer ID Address Order Detail Web Application Regulated Zone Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 29
  • 30. E-COMMERCE - 4 Cloud Zone Customer ID Address Order Detail WebApp 4 Web Session Token Application Customer ID Name Credit Card Number Card Expiry Date Regulated Zone Card Verification Value Amount Phone E-mail address Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 30
  • 31. E-COMMERCE - 5 Cloud Zone Customer ID Address CCN Name Order Detail WebApp 5 CCN Web Application Regulated Zone Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 31
  • 32. E-COMMERCE - 6 Cloud Zone Customer ID Address CCN Name Order Detail WebApp Token 6 Web Application Regulated Zone Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 32
  • 33. E-COMMERCE - 7 Cloud Zone Customer ID Address CCN Name Order Detail WebApp Token 7 Token Web Application Regulated Zone Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 33
  • 34. FULL TRANSACTION Cloud Zone Customer ID Address CCN Name Order Detail WebApp Token 7 Token Session Token 3 Customer ID 5 CCN Token 6 Address Order Detail 4 Web Session Token Application Customer ID Name Credit Card Number Card Expiry Date Regulated Zone Card Verification Value Amount Phone E-mail address Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 34
  • 35. HOW DO YOU TRANSITION TO RC3? Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 35
  • 36. RC3 in the Enterprise Public Zone Customer ID CCN Name Web Address Application Order Detail Token Token 7 Session Token 3 Customer ID 5 CCN Token 6 Address Order Detail Session Token Web Customer ID Name Application Credit Card Number Card Expiry Date Card Verification Value Amount Regulated Zone Phone E-mail address 4 Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 36
  • 37. RC3 in Private Clouds Cloud Zone o p e n ta c k s Customer ID CCN Name Address Order Detail WebApp Token Token 7 Session Token 3 Customer ID 5 CCN Token 6 Address Order Detail Session Token Web Customer ID Name Application Credit Card Number Card Expiry Date Card Verification Value Amount Regulated Zone Phone E-mail address 4 Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 37
  • 38. RC3 in Public Clouds Cloud Zone Customer ID Address CCN Name Order Detail WebApp Token 7 Token Session Token 3 Customer ID 5 CCN Token 6 Address Order Detail 4 Web Session Token Application Customer ID Name Credit Card Number Card Expiry Date Regulated Zone Card Verification Value Amount Phone E-mail address Company Perimeter or MSP Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 38
  • 39. RC3 rules for the Cloud ● Do NOT store/use cryptographic keys in the Cloud ● Do NOT store/use plaintext sensitive data in the Cloud ● Do NOT store credentials to anything in the Cloud ● Do NOT use CSP-supplied cryptographic keys ● DO change your Server SSL keys very frequently ● DO consider digitally signing/verifying Cloud data in the Regulated Zone ● Assume the worst (that your applications and data are operating on the open internet) and design for it Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 39
  • 40. Resources ● Regulatory Compliant Cloud Computing (RC3) – http://www.ibm.com/developerworks/cloud/library/cl-regcloud/index.html – http://www.infoq.com/articles/regulatory-compliant-cloud-computing – http://bit.ly/rc3issa ● Cryptographic engine (enables RC3 applications) – http://www.cryptoengine.org ● CryptoCabinet (RC3 sample application) – http://www.cryptocabinet.org Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 40
  • 41. RC3 Application Demo 1 5 Local PC 2 3 4 LDAP Corporate Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 41
  • 42. RC3 Case Study ● Document-management e-commerce company in US ● Serving financial, health-care and legal markets ● Private Cloud ● Millions of documents – Sizes ranging from a few kilobytes to gigabytes ● Needed PCI-DSS level security ● Needed automatic ramp-up/ramp-down capability Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 42
  • 43. RC3 Case Study Web Portal .... Corporate Perimeter Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 43
  • 44. Questions? ● Contact Information – Arshad Noor – arshad.noor@strongauth.com – +1 (408) 331-2001 Provable regulatory compliance! StrongAuth, Inc. Proprietary Version 1.2 – August 2012 44