Mauricio Godoy, profile picture
Uploaded byMauricio Godoy
PPT, PDF490 views

Security cloud forum_2011

The document discusses cloud computing security strategies and IBM's approach. It recommends identifying important data, understanding different cloud models and workloads, and building security into the cloud fabric. IBM's security portfolio applies workload-driven security across private, public and hybrid clouds. The document provides guidance on preparing to move workloads to the cloud securely.

Embed presentation

Downloaded 19 times
 
Choosing the Right Security Strategy for Cloud Computing Harold Moss CTO/Chief Architect Cloud Security Strategy
Introduction to Cloud Computing
“ The Cloud has the potential to be more secure than traditional environments”
What’s Important?
Can you identify your Important Data?
http://creativecommons.org/licenses/by/2.5/
There are Multiple Delivery Models for Clouds
And Multiple Deployment Paths…
What Other Vendors Tell People About their Clouds and Their Security
Our Perspective
Our Approach to the Cloud
Security by Design: “Building Security into the fabric of the Cloud”
Just Like there are different Clouds, there are different workloads
Workload Driven: “Relevant security not just Fluff”
Service Enabled: “Building Better Walls”
Innovation Powered: “Creating Security for tomorrow”
The IBM Security Portfolio
Applying Workload Driven Security to a Private Cloud Intrusion Prevention Monitoring Access Management Data Security Application Evaluation Database Design/Test Virtual Server Protection Security Event Monitoring Provisioning
Example: Cloud Security in the Public Space Firewall IPS Data Protection Access Identity Federated Identity VM Protection Patch Mgmt. Configuration Mgmt. Security Event Log Mgmt. Audit Vulnerability Mgmt.
Hybrid Cloud Scenario
New Security Capabilities for 2011
Preparing to Move to the Cloud “ Cloud Computing” is complex where to begin: Engage Experts who have had prior success in the cloud. Establish a set of measures that clarify what a successful engagement in the cloud would look like. If externally hosting your cloud ensure that your vendor is reliable Identify what workloads you are most comfortable with don’t just dive in. Determine the appropriate security for your workload, and leverage managed services where possible Build Consensus upfront, one sided decisions tend to fail in the cloud
IBM Cloud Security Guidance Based on cross-IBM research and customer interaction on cloud security Highlights a series of best practice controls that should be implemented Broken into 7 critical infrastructure components: Building a Security Program Confidential Data Protection Implementing Strong Access and Identity Application Provisioning and De-provisioning Governance Audit Management Vulnerability Management Testing and Validation
Cloud Security Whitepaper Trust needs to be achieved, especially when data is stored in new ways and in new locations, including for example different countries. This paper is provided to stimulate discussion by looking at three areas: What is different about cloud? What are the new security challenges cloud introduces? What can be done and what should be considered further? http://www-03.ibm.com/press/us/en/attachment/32799.wss?fileId=ATTACH_FILE1&fileName=10-0861_US%20Cloud%20Computing%20White%20Paper_Final_LR.pdf
Why IBM IBM is the only company with the Breadth and depth of products, technologies, services and business partners to provide end-to-end security. IBM has over 200 Security related products and over 3500 Highly Skilled Security professionals IBM has over 40 years of security development and innovation experience IBM has six worldwide research labs innovating security technology and nine security operations centers. IBM analyzes more than 13 billion security events on behalf of its clients and block more than 150 million attacks each day. IBM is one of the most trusted companies in the World.
Security cloud forum_2011

More Related Content

PPTX
Cloud security training, certified cloud security professional
byBryan Len
 
PDF
Cloud Computing Security - Cloud Controls Security
byHari Kumar
 
PPTX
Ohm2013 cloud security 101 slideshare
byPeter HJ van Eijk
 
PPTX
Cloud security what to expect (introduction to cloud security)
byMoshe Ferber
 
PPTX
Cloud Security
byThe TNS Group
 
PDF
Data security in cloud environment
byShivam Singh
 
PPTX
Cloud with Cyber Security
byNiki Upadhyay
 
PPTX
CLOUD SECURITY IN INSURANCE INDUSTRY WITH RESPECT TO INDIAN MARKET
byAmity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
Cloud security training, certified cloud security professional
byBryan Len
 
Cloud Computing Security - Cloud Controls Security
byHari Kumar
 
Ohm2013 cloud security 101 slideshare
byPeter HJ van Eijk
 
Cloud security what to expect (introduction to cloud security)
byMoshe Ferber
 
Cloud Security
byThe TNS Group
 
Data security in cloud environment
byShivam Singh
 
Cloud with Cyber Security
byNiki Upadhyay
 
CLOUD SECURITY IN INSURANCE INDUSTRY WITH RESPECT TO INDIAN MARKET
byAmity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 

What's hot

PDF
Cloud Security - Kloudlearn
byKloudLearn
 
PPTX
Security and Privacy in Cloud Computing - a High-level view
byragibhasan
 
PPT
Cloud Computing
byvijay_m_chaudhary
 
PPTX
Security in cloud computing kashyap kunal
byKashyap Kunal
 
PPTX
Authentication and Privacy in Cloud
byMphasis
 
PPTX
Cloud computing
byShivam Singh
 
PPTX
Cloud computing security
byMamta Saxena
 
PDF
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
byMarco Balduzzi
 
PDF
Guide to Sharpening Security in the Public Cloud
byInsight
 
PDF
Cloud computing for SMBs
byKrishnan Subramanian
 
PPTX
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
byMoshe Ferber
 
PDF
Security in the Cloud: Tips on How to Protect Your Data
byProcore Technologies
 
PPTX
Xerox Secure X 060711 Tg
byloriwebster1
 
PPT
Lee Newcombe, Capgemini “Security threats associated with cloud computing”
byChris Purrington
 
PPTX
cloud security ppt
byDevyani Vaidya
 
PPTX
Security as a Service Model for Cloud Environment
byKaashivInfoTech Company
 
PDF
Risk Management in the Cloud
byDavid X Martin
 
PPTX
Cloud Security Webinar
bypunedevscom
 
PPTX
Cloud Managed Services: Cloud Infrastructure
byThe TNS Group
 
PPTX
Architect secure cloud services.
byMoshe Ferber
 
Cloud Security - Kloudlearn
byKloudLearn
 
Security and Privacy in Cloud Computing - a High-level view
byragibhasan
 
Cloud Computing
byvijay_m_chaudhary
 
Security in cloud computing kashyap kunal
byKashyap Kunal
 
Authentication and Privacy in Cloud
byMphasis
 
Cloud computing
byShivam Singh
 
Cloud computing security
byMamta Saxena
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
byMarco Balduzzi
 
Guide to Sharpening Security in the Public Cloud
byInsight
 
Cloud computing for SMBs
byKrishnan Subramanian
 
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
byMoshe Ferber
 
Security in the Cloud: Tips on How to Protect Your Data
byProcore Technologies
 
Xerox Secure X 060711 Tg
byloriwebster1
 
Lee Newcombe, Capgemini “Security threats associated with cloud computing”
byChris Purrington
 
cloud security ppt
byDevyani Vaidya
 
Security as a Service Model for Cloud Environment
byKaashivInfoTech Company
 
Risk Management in the Cloud
byDavid X Martin
 
Cloud Security Webinar
bypunedevscom
 
Cloud Managed Services: Cloud Infrastructure
byThe TNS Group
 
Architect secure cloud services.
byMoshe Ferber
 

Viewers also liked

PPT
Powerpoint Technology
byUniversity of Findlay
 
PPT
Cloud forum-lessons-learned-20110405c-final
byMauricio Godoy
 
PPT
SNHY PPT
byveryseml
 
PPTX
Water Quality Testing
byJoy Hoeffler
 
PPTX
Hospitality Frying Pan
bySai Corson Studios LLC
 
PDF
Moultrie
bycoalcar
 
DOCX
Manual de matematicas
byJorge Mardones Marambio
 
PPT
Pl Group1
byrakeshchandrayan
 
DOCX
Mate any
byJorge Mardones Marambio
 
PPTX
A Guide to the BAGIS Program
byJoy Hoeffler
 
PPTX
CMAP Regional Water Supply Planning Group
byJoy Hoeffler
 
PPTX
Financial Market Know How
byrakeshchandrayan
 
PPTX
Imk ergonomi komputer
byBudi ESt
 
Powerpoint Technology
byUniversity of Findlay
 
Cloud forum-lessons-learned-20110405c-final
byMauricio Godoy
 
SNHY PPT
byveryseml
 
Water Quality Testing
byJoy Hoeffler
 
Hospitality Frying Pan
bySai Corson Studios LLC
 
Moultrie
bycoalcar
 
Manual de matematicas
byJorge Mardones Marambio
 
Pl Group1
byrakeshchandrayan
 
Mate any
byJorge Mardones Marambio
 
A Guide to the BAGIS Program
byJoy Hoeffler
 
CMAP Regional Water Supply Planning Group
byJoy Hoeffler
 
Financial Market Know How
byrakeshchandrayan
 
Imk ergonomi komputer
byBudi ESt
 

Similar to Security cloud forum_2011

PDF
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
byGlenn Ambler
 
PDF
Cloud security: Accelerating cloud adoption
byDell World
 
PDF
Resetting Your Security Thinking for the Public Cloud
byMighty Guides, Inc.
 
PDF
Whitepaper: Security of the Cloud
byCloudSmartz
 
PDF
Security of the Cloud
byEpoch Universal, Inc.
 
PDF
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
byDataSpace Academy
 
PDF
Strategies for assessing cloud security
byArun Gopinath
 
PDF
Strategies for assessing cloud security
byIBM India Smarter Computing
 
PDF
Ast 0064255 strategies-for_assessing_cloud_security
byAccenture
 
PPTX
Cloud Security By Dr. Anton Ravindran
byGSTF
 
PDF
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
byForgeahead Solutions
 
PDF
Presentation cloud security the grand challenge
byxKinAnx
 
PDF
Security Building Blocks of the IBM Cloud Computing Reference Architecture
byStefaan Van daele
 
PPTX
Cloud-Architecture-Technology-Deovps-Eng
byGanesh Bhosale
 
PDF
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
byAdnene Guabtni
 
PPTX
Cloud Computing Security Essentials for beginners
byssuser1e89a0
 
PDF
Lecture27 cc-security2
byAnkit Gupta
 
PDF
How Secure Is Cloud
byWilliam Lam
 
PPTX
Cloud computing - Assessing the Security Risks - Jared Carstensen
byjaredcarst
 
PDF
Cloud Security Challenges, Types, and Best Practises.pdf
bymanoharparakh
 
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
byGlenn Ambler
 
Cloud security: Accelerating cloud adoption
byDell World
 
Resetting Your Security Thinking for the Public Cloud
byMighty Guides, Inc.
 
Whitepaper: Security of the Cloud
byCloudSmartz
 
Security of the Cloud
byEpoch Universal, Inc.
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
byDataSpace Academy
 
Strategies for assessing cloud security
byArun Gopinath
 
Strategies for assessing cloud security
byIBM India Smarter Computing
 
Ast 0064255 strategies-for_assessing_cloud_security
byAccenture
 
Cloud Security By Dr. Anton Ravindran
byGSTF
 
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
byForgeahead Solutions
 
Presentation cloud security the grand challenge
byxKinAnx
 
Security Building Blocks of the IBM Cloud Computing Reference Architecture
byStefaan Van daele
 
Cloud-Architecture-Technology-Deovps-Eng
byGanesh Bhosale
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
byAdnene Guabtni
 
Cloud Computing Security Essentials for beginners
byssuser1e89a0
 
Lecture27 cc-security2
byAnkit Gupta
 
How Secure Is Cloud
byWilliam Lam
 
Cloud computing - Assessing the Security Risks - Jared Carstensen
byjaredcarst
 
Cloud Security Challenges, Types, and Best Practises.pdf
bymanoharparakh
 

More from Mauricio Godoy

PDF
Pund-IT: Getting Things Right—Software and IBM’s Acquisition Strategy
byMauricio Godoy
 
PDF
BusinessWeek: The Presentation Secrets of Steve Jobs
byMauricio Godoy
 
PDF
Martin Wildberger Presentation
byMauricio Godoy
 
PDF
Big Data Whitepaper - Streams and Big Insights Integration Patterns
byMauricio Godoy
 
PDF
Yahoo & Hadoop
byMauricio Godoy
 
PDF
Robert LeBlanc - Why Big Data? Why Now?
byMauricio Godoy
 
PPT
Robert LeBlanc - Cloud Forum Presentation
byMauricio Godoy
 
PPT
The client defined cloud final clementi
byMauricio Godoy
 
PPT
Steve Mills - Dispelling the Vapor Around Cloud Computing
byMauricio Godoy
 
PPT
Mdr cloud 040611_v4_final
byMauricio Godoy
 
PPT
Ibm cloud forum managing heterogenousclouds_final
byMauricio Godoy
 
PPT
Cloud forum 2011 s poulley keynote v10
byMauricio Godoy
 
PPT
Cloud forum 2011 s poulley keynote v10
byMauricio Godoy
 
PPT
Ibm cloud forum april - blue insight final
byMauricio Godoy
 
PPT
Cloud forum platform - from sap to new applications final a
byMauricio Godoy
 
DOC
Press releases
byMauricio Godoy
 
PDF
Cloud Update
byMauricio Godoy
 
PDF
Marie and Beth AR Presentation - IMPACT
byMauricio Godoy
 
PDF
Marie and Beth AR Presentation
byMauricio Godoy
 
PDF
Welcome letter from phil gilbert with list of bpm customer speakers
byMauricio Godoy
 
Pund-IT: Getting Things Right—Software and IBM’s Acquisition Strategy
byMauricio Godoy
 
BusinessWeek: The Presentation Secrets of Steve Jobs
byMauricio Godoy
 
Martin Wildberger Presentation
byMauricio Godoy
 
Big Data Whitepaper - Streams and Big Insights Integration Patterns
byMauricio Godoy
 
Yahoo & Hadoop
byMauricio Godoy
 
Robert LeBlanc - Why Big Data? Why Now?
byMauricio Godoy
 
Robert LeBlanc - Cloud Forum Presentation
byMauricio Godoy
 
The client defined cloud final clementi
byMauricio Godoy
 
Steve Mills - Dispelling the Vapor Around Cloud Computing
byMauricio Godoy
 
Mdr cloud 040611_v4_final
byMauricio Godoy
 
Ibm cloud forum managing heterogenousclouds_final
byMauricio Godoy
 
Cloud forum 2011 s poulley keynote v10
byMauricio Godoy
 
Cloud forum 2011 s poulley keynote v10
byMauricio Godoy
 
Ibm cloud forum april - blue insight final
byMauricio Godoy
 
Cloud forum platform - from sap to new applications final a
byMauricio Godoy
 
Press releases
byMauricio Godoy
 
Cloud Update
byMauricio Godoy
 
Marie and Beth AR Presentation - IMPACT
byMauricio Godoy
 
Marie and Beth AR Presentation
byMauricio Godoy
 
Welcome letter from phil gilbert with list of bpm customer speakers
byMauricio Godoy
 

Security cloud forum_2011

  • 1.
  • 2.
    Choosing the RightSecurity Strategy for Cloud Computing Harold Moss CTO/Chief Architect Cloud Security Strategy
  • 5.
  • 11.
    “ The Cloudhas the potential to be more secure than traditional environments”
  • 14.
  • 15.
    Can you identifyyour Important Data?
  • 16.
  • 27.
    There are MultipleDelivery Models for Clouds
  • 28.
  • 29.
    What Other VendorsTell People About their Clouds and Their Security
  • 30.
  • 31.
    Our Approach tothe Cloud
  • 32.
    Security by Design: “Building Security into the fabric of the Cloud”
  • 33.
    Just Like thereare different Clouds, there are different workloads
  • 34.
    Workload Driven: “Relevant security not just Fluff”
  • 35.
    Service Enabled: “Building Better Walls”
  • 36.
    Innovation Powered: “Creating Security for tomorrow”
  • 37.
  • 38.
    Applying Workload DrivenSecurity to a Private Cloud Intrusion Prevention Monitoring Access Management Data Security Application Evaluation Database Design/Test Virtual Server Protection Security Event Monitoring Provisioning
  • 39.
    Example: Cloud Securityin the Public Space Firewall IPS Data Protection Access Identity Federated Identity VM Protection Patch Mgmt. Configuration Mgmt. Security Event Log Mgmt. Audit Vulnerability Mgmt.
  • 40.
  • 41.
  • 42.
    Preparing to Moveto the Cloud “ Cloud Computing” is complex where to begin: Engage Experts who have had prior success in the cloud. Establish a set of measures that clarify what a successful engagement in the cloud would look like. If externally hosting your cloud ensure that your vendor is reliable Identify what workloads you are most comfortable with don’t just dive in. Determine the appropriate security for your workload, and leverage managed services where possible Build Consensus upfront, one sided decisions tend to fail in the cloud
  • 43.
    IBM Cloud SecurityGuidance Based on cross-IBM research and customer interaction on cloud security Highlights a series of best practice controls that should be implemented Broken into 7 critical infrastructure components: Building a Security Program Confidential Data Protection Implementing Strong Access and Identity Application Provisioning and De-provisioning Governance Audit Management Vulnerability Management Testing and Validation
  • 44.
    Cloud Security WhitepaperTrust needs to be achieved, especially when data is stored in new ways and in new locations, including for example different countries. This paper is provided to stimulate discussion by looking at three areas: What is different about cloud? What are the new security challenges cloud introduces? What can be done and what should be considered further? http://www-03.ibm.com/press/us/en/attachment/32799.wss?fileId=ATTACH_FILE1&fileName=10-0861_US%20Cloud%20Computing%20White%20Paper_Final_LR.pdf
  • 45.
    Why IBM IBMis the only company with the Breadth and depth of products, technologies, services and business partners to provide end-to-end security. IBM has over 200 Security related products and over 3500 Highly Skilled Security professionals IBM has over 40 years of security development and innovation experience IBM has six worldwide research labs innovating security technology and nine security operations centers. IBM analyzes more than 13 billion security events on behalf of its clients and block more than 150 million attacks each day. IBM is one of the most trusted companies in the World.

Editor's Notes

  • #6 Discuss 5 Attributes of Cloud and Impacts which they pose for Security
  • #7 Discuss initial phase of Cloud Computing
  • #8 How its focus shifted from cool technology to Cost Reduction Efforts
  • #9 How organizations begin to see the cloud as a means of increasing revenues
  • #10 Then seen as a transformative element, Shift of perception particularly by non IT organizations to leverage the cloud as a opportunity
  • #11 Focus on Competitive, Non Cloud vendors leveraging the cloud to convert internal APIs from Expenses to assets. Highlight Brinks Cloud based money management offering and fact that this shift has resulted in a change to how organizations operate.
  • #12 Introduce Network Workload Story and How perceptions changed (Angry Villagers Torches->agreement)
  • #13 Highlight the results of IBM network world tech debate, initial perceptions we lost then we ended up building momentum and more than 2/3 agreed with arguments, then lead to the 4 arguments used in the article.
  • #14 First those who adopt cloud based technologies do so in a deliberate way they start with individual workloads, we know from customers, market data etc that customers typically adopt one cloud then move to another etc.
  • #15 Currently organizations have no clue where there critical data is and as data grows exponentially its harder and harder for organizations to keep track of that data
  • #16 When we ask executives what their critical data is they cant tell us in fact the boundaries for what’s important and what is not important is completely lost, making it that much harder to really secure.
  • #17 As a result Security Personnel become great wall builders, the issue is that we continue to build walls and lose focus on what we are protecting and the various ways it can be exploited. We also lose the ability to granularly track information. This means we poke holes in ports for multiple applications etc meaning we degrade overall security
  • #18 Once an organization gains clarity of their information they can identify what really matters and leverage that asset
  • #19 Financially organizations benefit from cloud
  • #20 Organizations are spending less than in past, As a result there is less money to spend
  • #21 Inversely Cloud Vendors have money allocated for competitive reasons. Ultimately Security remains the only competitive lever most vendors can pull so it’ s a priority
  • #22 Organizations have to keep up with security
  • #23 Security requires vigilance organizations already are overloaded (tell story of startup from past history)
  • #24 Services allows them to ease the burden (Security as a Service Argument)
  • #25 Security skills are hard to find and security is hard
  • #26 Is this who you want doing your security
  • #27 Or do you want a professional
  • #28 Clouds have multiple delivery models – Note Gartner wants us to play this up more because they believe confusion on this topic and following slides. My approach is forget concepts of “The Cloud” its not a single entity but much more complex and interesting
  • #29 Play to Gartner and their args multiple deployment paths, talk security in context here. May need to cut short this is a long preso already
  • #30 The Message One Size doesn’ t fit all and btw there are lots of types of clouds. We need to hammer this home because we keep highlighting Public hosted not private.
  • #31 IBM is different, may update image to show lots of fishbowls moving back on horizon?
  • #32 Our 4 stage approach to cloud security.
  • #33 Standard secure by design refer to our experiences. We need to promote this more once we nail foundational controls tie to Rational/WebSphere/Information Management and Tivoli Cloud story. We have assets just need to cauterize story right now I seem to be only one giving it.
  • #34 This is where we engage in workload discussion, talk to each type of workload and how security varies ( actually only a couple otherwise takes wayy too long) Discuss Healthcare->Education->Development?
  • #35 LotusLive its easy and how security themes and our foundational strategy apply
  • #36 Explain Service Enabled,
  • #37 Researchy things like Lotus work the IPS stuff and Mobile work, we might want to include trusted domain and some of the other services we are exploring for example those in IM
  • #38 Our portfolio, WE have breadth and depth only vendor
  • #39 How we can focus on a private scenario
  • #40 Public example
  • #42 Whats new – TEMS, Juniper Partnership, WebSphere Virtuoso…
  • #43 Talk about challenges encourage consultative services Trusted Guide my usual blah blah