SlideShare a Scribd company logo

Presentation cloud security the grand challenge

X
xKinAnx

Download & Share Technology Presentations http://goo.gl/k80oY0 Student Guide & Best http://goo.gl/6OkI77

Technology
1 of 38
© 2010 IBM Corporation CLOUD SECURITY: THE GRAND CHALLENGE Glen Gooding Asia Pacific Security Leader IBM Corporation ggooding@au1.ibm.com Government Ware: GovWare Singapore September 29, 2010
© 2010 IBM Corporation Rest safe: Google saves the day
© 2010 IBM Corporation Agenda Components of Cloud Market Basic Security Concepts – Today and tomorrow IBM’s vision of a Security Framework IBM Cloud Security Guidance Conceptual findings from Security Framework Government Authentication Cloud Example 3
© 2010 IBM Corporation4 Workloads Most Considered for Cloud Delivery Top private workloads Database, application and infrastructure workloads emerge as most appropriate  Data mining, text mining, or other analytics  Security  Data warehouses or data marts  Business continuity and disaster recovery  Test environment infrastructure  Long-term data archiving/preservation  Transactional databases  Industry-specific applications  ERP applications Top public workloads Infrastructure and collaboration workloads emerge as most appropriate  Audio/video/Web conferencing  Service help desk  Infrastructure for training and demonstration  WAN capacity and VoIP infrastructure  Desktop  Test environment infrastructure  Storage  Data center network capacity  Server Source: IBM Market Insights, Cloud Computing Research, July 2009. n=1,090
© 2010 IBM Corporation5 The Cloud Curtain The Cloud Curtain Curtain CLOUD MODEL APPLIES AT ALL LEVELS OF THE IT STACK – 5 Resulting in Different Security Requirements, Different Responsibilities
© 2010 IBM Corporation WHAT IS CLOUD SECURITY? There is nothing new under the sun but there are lots of old things we don't know. Ambrose Bierce, The Devil's Dictionary Software as a Service Utility Computing Grid Computing Cloud Computing Confidentiality, Integrity, Availability of business-critical IT assets Stored or processed on a cloud computing platform 6
© 2010 IBM Corporation CLOUD SECURITY: SIMPLE EXAMPLE ? We Have Control It’s located at X. It’s stored in server’s Y, Z. We have backups in place. Our admins control access. Our uptime is sufficient. The auditors are happy. Our security team is engaged. Who Has Control? Where is it located? Where is it stored? Who backs it up? Who has access? How resilient is it? How do auditors observe? How does our security team engage? ? ? ? ? ? Today’s Data Center Tomorrow’s Public Cloud CLOUD SECURITY: SIMPLE EXAMPLE 7
© 2010 IBM Corporation Compliance Complying with regulations may prohibit the use of clouds for some applications. Reliability High availability will be a key concern. IT departments will worry about a loss of service should outages occur. Control Many companies and governments are uncomfortable with the idea of their information located on systems they do not control. Security Management Even the simplest of tasks may be behind layers of abstraction or performed by someone else. Data Migrating workloads to a shared network and compute infrastructure increases the potential for unauthorized exposure. Providers must offer a high degree of security transparency to help put customers at ease. Authentication and access technologies become increasingly important. Mission critical applications may not run in the cloud without strong availability guarantees. Comprehensive auditing capabilities are essential. Providers must supply easy controls to manage security settings for application and runtime environments. CATEGORIES OF CLOUD COMPUTING RISKS 8
© 2010 IBM Corporation IBM SECURITY FRAMEWORK Built to meet four key requirements:  Provide Assurance  Enable Intelligence  Automate Process  Improve Resilience Introducing the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security; IBM RedGuide REDP-4528-00, July 2009 9
© 2010 IBM Corporation IBM approach to security on a Smart Planet… Secure by Design Intelligence Standards Assurance Governance Enable trust and confidence in IT through software and system assurance Stay ahead of the threat by monitoring the attack landscape and anticipating new threats Enable security and privacy with an open, standards-based architectural approach Provide visibility, control and automation through CoBIT and ITIL-based service management  Open standards leadership in DMTF, IETF, OASIS, TCG, W3C, …  SOA & Web Services Security  IBM Security Blueprint  IBM Trusted Identity  Fine-grained Security  Trusted Virtual Data Center  UK/US ITA, IBM OCR, EU FP7 open research  IBM Service Management Platform – asset management, problem & incident management, change & release management, etc.  IBM Process Reference Model for IT (PRM-IT)  IBM Rational Unified Process  Patch management for virtual images  IBM Integrated Product Development Process  System z Integrity Statement  Trusted Foundry  IBM High Assurance Platform  Continuous Software Quality  IBM Secure Blue  IBM X-Force  IBM Managed Security Services  System S Event & Streaming System  High Performance Computing  Information Risk & Compliance  Smart Surveillance Foundational Controls PoweredbyIBMResearch 10
© 2010 IBM Corporation TYPICAL CLIENT SECURITY REQUIREMENTS •Governance, Risk Management, •Compliance •3rd-party audit (SAS 70(2), ISO27001/2, PCI) •Client access to tenant-specific log and audit data •Effective incident reporting for tenants •Visibility into change, incident, image management, etc. •SLAs, option to transfer risk from tenant to provider •Support for forensics •Support for e-Discovery •Application and Process •Application security requirements for cloud are phrased in terms of image security •Compliance with secure development best practices •Physical •Monitoring and control of physical access • People and Identity • Privileged user monitoring, including logging activities, physical monitoring and background checking • Federated identity / onboarding: Coordinating authentication and authorization with enterprise or third party systems • Standards-based SSO • Data and Information • Data segregation • Client control over geographic location of data • Government: Cloud-wide data classification • Network, Server, Endpoint • Isolation between tenant domains • Trusted virtual domains: policy-based security zones • Built-in intrusion detection and prevention • Vulnerability Management • Protect machine images from corruption and abuse • Government: MILS-type separation Based on interviews with clients and various analyst reports 11
© 2010 IBM Corporation  Based on cross-IBM research on cloud security  Highlights a series of best practice controls that should be implemented  Broken into 7 critical infrastructure components: – Building a Security Program – Confidential Data Protection – Implementing Strong Access and Identity – Application Provisioning and De-provisioning – Governance Audit Management – Vulnerability Management – Testing and Validation IBM CLOUD SECURITY GUIDANCE DOCUMENT 12
© 2010 IBM Corporation Customers require visibility into the security posture of their cloud. Establish 3rd-party audits (ISO27001, PCI) Provide access to tenant-specific log and audit data Create effective incident reporting for tenants Visibility into change, incident, image management, etc. Understand applicable regional, national and international laws Support for forensics and e-Discovery Implement a governance and audit management program Security governance, risk management and complianceSecurity governance, risk management and compliance IBM Security Framework IBM Cloud Security Guidance Document 13
© 2010 IBM Corporation Customers require proper authentication of cloud users. Privileged user monitoring, including logging activities, physical monitoring and background checking Utilize federated identity to coordinate authentication and authorization with enterprise or third party systems A standards-based, single sign-on capability Implement strong identity and access management IBM Security Framework IBM Cloud Security Guidance Document People and IdentityPeople and Identity 14
© 2010 IBM Corporation Customers cite data protection as their most important concern within the cloud. Use a secure network protocol when connecting to a secure information store. Implement a firewall to isolate confidential information, and ensure that all confidential information is stored behind the firewall. Sensitive information not essential to the business should be securely destroyed. Ensure confidential data protection IBM Security Framework IBM Cloud Security Guidance Document Data and InformationData and Information 15
© 2010 IBM Corporation Customers require secure cloud applications and provider processes. Implement a program for application and image provisioning. Develop all Web based applications using secure coding guidelines. Ensure external facing Web applications are black box tested A secure application testing program should be implemented. Ensure all changes to virtual images and applications are logged. Establish application and environment provisioning IBM Security Framework IBM Cloud Security Guidance Document Application and ProcessApplication and Process 16
© 2010 IBM Corporation Customers expect a secure cloud operating environment. . Implement vulnerability scanning, anti-virus, intrusion detection and prevention on all appropriate images Ensure isolation exists between tenant domains Trusted virtual domains: policy-based security zones Ensure provisioning management is strictly controlled Protect machine images from corruption and abuse Ensure provisioned images apply appropriate access rights Ensure destruction of outdated images Maintain environment testing and vulnerability/intrusion management IBM Security Framework IBM Cloud Security Guidance Document Network, Server and End PointNetwork, Server and End Point 17
© 2010 IBM Corporation Customers expect cloud data centers to be physically secure. . Ensure the facility has appropriate controls to monitor access. Prevent unauthorized entrance to critical areas within facilities e.g. servers, routers, storage, power supplies Biometric access of employees Ensure that all employees with direct access to systems have full background checks. Provide adequate protection against natural disasters. Implement a physical environment security plan IBM Security Framework IBM Cloud Security Guidance Document Physical SecurityPhysical Security 18
© 2010 IBM Corporation Customers want to hear how IBM can deliver secure Government cloud solutions. . Enterprise wide Government security and compliance Database security compliance Virtualization and security implication IBM’s involvement in Government Cloud Solutions  A Real Use Case Areas of expertise IBM can deliver on IBM Security Framework IBM Cloud Security Guidance Document My thoughts on critical componentsMy thoughts on critical components 19
© 2010 IBM Corporation  Integrated service lifecycle mgmt.  Expose resources “as- a-Service”.  Integrated Security infrastructure.  Rapid provisioning of IT resources, massive scaling.  Dynamic service mgmt.  Energy saving via auto workload distribution.  Rapid deployment of infrastructure and applications.  Request-driven service management.  Service Catalog.  Virtualization.  Better hardware utilization.  Improved IT agility.  Server Consolidation.  Streamline Operations – manage physical and virtual systems.  Lower power consumption. Cloud Computing Virtualization – First Step in Journey to Cloud Computing 20
© 2010 IBM Corporation Resource sharing —————————— Single point of failure —————————— Loss of visibility MORE COMPONENTS = MORE EXPOSURE Traditional Threats Virtual server sprawl —————————— Dynamic state —————————— Dynamic relocation Stealth rootkits Management Vulnerabilities —————————— Secure storage of VMs and the management data —————————— Requires new skill sets —————————— Insider threat New threats to VM environments Traditional threats can attack VMs just like real systems Security Challenges with Virtualization: New Risks 21
© 2010 IBM Corporation Server and Network Convergence 22
© 2010 IBM Corporation Cloud compliance: Security Information and Event Management  Single, integrated product  Log Management Reporting  Unique ability to monitor user behavior  Enterprise compliance dashboard  Compliance management modules and regulation-specific reports  Broadest, most complete log and audit trail capture capability  W7 log normalization translates your logs into business terms  Easy ability to compare behavior to regulatory and company policies  Multi-tennancy support through scoping Key Features How to provide a single, integrated product that delivers insider threat, audit and compliance. 24
© 2010 IBM Corporation Real-Time Database Security & Monitoring • Non-invasive • No DBMS changes • Minimal impact • Does not rely on traditional DBMS-resident logs that can easily be disabled by DBAs • Granular policies & monitoring • Who, what, when, how • Real-time alerting • Monitors all activities including local access by privileged users DB2DB2 SQL Server SQL Server 25
© 2010 IBM Corporation Cloud based Authentication Hub Australian Federal Government 26
© 2010 IBM CorporationIBM Insight Forum 09 ® In a browser, hit http://www.australia.gov.au 27
© 2010 IBM CorporationIBM Insight Forum 09 ® Click Login to myaccount 28
© 2010 IBM Corporation IBM Insight Forum 09 ® Provide your logon details 29
© 2010 IBM CorporationIBM Insight Forum 09 ® 30
© 2010 IBM CorporationIBM Insight Forum 09 ® Provide the correct answer to your previously registered secret question 31
© 2010 IBM CorporationIBM Insight Forum 09 ® And have access to Centrelink and Medicare I am now authenticated 32
© 2010 IBM CorporationIBM Insight Forum 09 ® Clicking on the Medicare link, takes me to Medicare’s site 33
© 2010 IBM CorporationIBM Insight Forum 09 ® Return to myaccount page 34
© 2010 IBM CorporationIBM Insight Forum 09 ® I have access to Centrelink and Medicare 35
© 2010 IBM CorporationIBM Insight Forum 09 ® Clicking on the Centrelink link, takes me to Centrelink’s site Return to myaccount page 36
© 2010 IBM CorporationIBM Insight Forum 09 ® 37
© 2010 IBM Corporation SUMMARY • “Cloud” is a new consumption and delivery model inspired by consumer Internet services. • Security Remains the Top Concern for Cloud Adoption • One sized security doesn’t fit all • Take a structured approach to securing your cloud environment • Documented guidance is available for download to assist you in securing your cloud environment • IBM has a view from End to End when it addresses your security needs 38
© 2010 IBM Corporation ONE voice for security. IBM SECURITYIBM SECURITY SOLUTIONSSOLUTIONS INNOVATIVE products and services. IBM SECURITYIBM SECURITY FRAMEWORKFRAMEWORK COMMITTED to the vision of a Secure Smarter Planet. SECURE BYSECURE BY DESIGNDESIGN Thank You. 39

Recommended

IBM MaaS360 with watson
IBM MaaS360 with watsonIBM MaaS360 with watson
IBM MaaS360 with watson
Prime Infoserv
 
MDM is not Enough - Parmelee
MDM is not Enough - Parmelee MDM is not Enough - Parmelee
MDM is not Enough - Parmelee
Prolifics
 
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas WespiIT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IBM Switzerland
 
Are We There Yet? The Path Towards Securing the Mobile Enterprise
Are We There Yet? The Path Towards Securing the Mobile EnterpriseAre We There Yet? The Path Towards Securing the Mobile Enterprise
Are We There Yet? The Path Towards Securing the Mobile Enterprise
IBM Security
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planet
Vincent Kwon
 
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
IBM Security
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level Executives
Camilo Fandiño Gómez
 
Defense Foundation Product Brief
Defense Foundation Product BriefDefense Foundation Product Brief
Defense Foundation Product Brief
wdjohnson1
 

Recommended

IBM MaaS360 with watson
IBM MaaS360 with watsonIBM MaaS360 with watson
IBM MaaS360 with watson
Prime Infoserv
 
MDM is not Enough - Parmelee
MDM is not Enough - Parmelee MDM is not Enough - Parmelee
MDM is not Enough - Parmelee
Prolifics
 
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas WespiIT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IBM Switzerland
 
Are We There Yet? The Path Towards Securing the Mobile Enterprise
Are We There Yet? The Path Towards Securing the Mobile EnterpriseAre We There Yet? The Path Towards Securing the Mobile Enterprise
Are We There Yet? The Path Towards Securing the Mobile Enterprise
IBM Security
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planet
Vincent Kwon
 
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
IBM Security
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level Executives
Camilo Fandiño Gómez
 
Defense Foundation Product Brief
Defense Foundation Product BriefDefense Foundation Product Brief
Defense Foundation Product Brief
wdjohnson1
 
MaaS360 with Watson
MaaS360 with WatsonMaaS360 with Watson
MaaS360 with Watson
Sylvia Low
 
The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell Apart
IBM Security
 
Beyond the PC: Combating Unmanaged Threats Security
Beyond the PC: Combating Unmanaged Threats SecurityBeyond the PC: Combating Unmanaged Threats Security
Beyond the PC: Combating Unmanaged Threats Security
Chief Optimist
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,
Information Security Awareness Group
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...
NetIQ
 
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergIbm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
dawnrk
 
Compliance is a pit stop – your destination lies ahead
Compliance is a pit stop – your destination lies aheadCompliance is a pit stop – your destination lies ahead
Compliance is a pit stop – your destination lies ahead
IBM Security
 
How Does IBM Deliver Cloud Security Paper
How Does IBM Deliver Cloud Security PaperHow Does IBM Deliver Cloud Security Paper
How Does IBM Deliver Cloud Security Paper
IBM
 
April2016 PM GregWithamResume
April2016 PM GregWithamResumeApril2016 PM GregWithamResume
April2016 PM GregWithamResume
Greg Witham
 
Presentation ibm info sphere guardium enterprise-wide database protection a...
Presentation ibm info sphere guardium enterprise-wide database protection a...Presentation ibm info sphere guardium enterprise-wide database protection a...
Presentation ibm info sphere guardium enterprise-wide database protection a...
solarisyougood
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architecture
Vladimir Jirasek
 
IBM Infosphere Guardium - Database Security
IBM Infosphere Guardium - Database SecurityIBM Infosphere Guardium - Database Security
IBM Infosphere Guardium - Database Security
ebuc
 
QRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseQRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the Mouse
IBM Security
 
IBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewIBM InfoSphere Guardium overview
IBM InfoSphere Guardium overview
nazeer325
 
Zero Trust Networks
Zero Trust NetworksZero Trust Networks
Zero Trust Networks
Practical Code, LLC
 
CyberoamBrochure
CyberoamBrochureCyberoamBrochure
CyberoamBrochure
Maliha Ali
 
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTINGSOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
Hoang Nguyen
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Dheeraj Negi
 
Cloud Security: challenges and perspectives.
Cloud Security: challenges and perspectives.Cloud Security: challenges and perspectives.
Cloud Security: challenges and perspectives.
EUBrasilCloudFORUM .
 
Challenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y ChanChallenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y Chan
Ken Chan
 
CipherCloud for Salesforce - Solution Overview
CipherCloud for Salesforce - Solution OverviewCipherCloud for Salesforce - Solution Overview
CipherCloud for Salesforce - Solution Overview
CipherCloud
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Kresimir Popovic
 

More Related Content

What's hot

The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell Apart
IBM Security
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...
NetIQ
 
April2016 PM GregWithamResume
April2016 PM GregWithamResumeApril2016 PM GregWithamResume
April2016 PM GregWithamResume
Greg Witham
 
IBM Infosphere Guardium - Database Security
IBM Infosphere Guardium - Database SecurityIBM Infosphere Guardium - Database Security
IBM Infosphere Guardium - Database Security
ebuc
 
QRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseQRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the Mouse
IBM Security
 
CyberoamBrochure
CyberoamBrochureCyberoamBrochure
CyberoamBrochure
Maliha Ali
 

What's hot (16)

MaaS360 with Watson
MaaS360 with WatsonMaaS360 with Watson
MaaS360 with Watson
 
The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell Apart
 
Beyond the PC: Combating Unmanaged Threats Security
Beyond the PC: Combating Unmanaged Threats SecurityBeyond the PC: Combating Unmanaged Threats Security
Beyond the PC: Combating Unmanaged Threats Security
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...
 
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergIbm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
 
Compliance is a pit stop – your destination lies ahead
Compliance is a pit stop – your destination lies aheadCompliance is a pit stop – your destination lies ahead
Compliance is a pit stop – your destination lies ahead
 
How Does IBM Deliver Cloud Security Paper
How Does IBM Deliver Cloud Security PaperHow Does IBM Deliver Cloud Security Paper
How Does IBM Deliver Cloud Security Paper
 
April2016 PM GregWithamResume
April2016 PM GregWithamResumeApril2016 PM GregWithamResume
April2016 PM GregWithamResume
 
Presentation ibm info sphere guardium enterprise-wide database protection a...
Presentation ibm info sphere guardium enterprise-wide database protection a...Presentation ibm info sphere guardium enterprise-wide database protection a...
Presentation ibm info sphere guardium enterprise-wide database protection a...
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architecture
 
IBM Infosphere Guardium - Database Security
IBM Infosphere Guardium - Database SecurityIBM Infosphere Guardium - Database Security
IBM Infosphere Guardium - Database Security
 
QRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseQRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the Mouse
 
IBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewIBM InfoSphere Guardium overview
IBM InfoSphere Guardium overview
 
Zero Trust Networks
Zero Trust NetworksZero Trust Networks
Zero Trust Networks
 
CyberoamBrochure
CyberoamBrochureCyberoamBrochure
CyberoamBrochure
 

Viewers also liked

SOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTINGSOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
Hoang Nguyen
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Kresimir Popovic
 
Finding the Right Balance: Security vs. Performance with Network Storage Systems
Finding the Right Balance: Security vs. Performance with Network Storage SystemsFinding the Right Balance: Security vs. Performance with Network Storage Systems
Finding the Right Balance: Security vs. Performance with Network Storage Systems
Arun Olappamanna Vasudevan
 
Mobile Cloud Computing Challenges and Security
Mobile Cloud Computing Challenges and SecurityMobile Cloud Computing Challenges and Security
Mobile Cloud Computing Challenges and Security
John Paul Prassanna
 

Viewers also liked (18)

SOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTINGSOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Cloud Security: challenges and perspectives.
Cloud Security: challenges and perspectives.Cloud Security: challenges and perspectives.
Cloud Security: challenges and perspectives.
 
Challenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y ChanChallenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y Chan
 
CipherCloud for Salesforce - Solution Overview
CipherCloud for Salesforce - Solution OverviewCipherCloud for Salesforce - Solution Overview
CipherCloud for Salesforce - Solution Overview
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
GIEP - Be Well - Poster for Indo-Global Health Conference
GIEP - Be Well - Poster for Indo-Global Health ConferenceGIEP - Be Well - Poster for Indo-Global Health Conference
GIEP - Be Well - Poster for Indo-Global Health Conference
 
Finding the Right Balance: Security vs. Performance with Network Storage Systems
Finding the Right Balance: Security vs. Performance with Network Storage SystemsFinding the Right Balance: Security vs. Performance with Network Storage Systems
Finding the Right Balance: Security vs. Performance with Network Storage Systems
 
BSides London - Scapy Workshop
BSides London - Scapy WorkshopBSides London - Scapy Workshop
BSides London - Scapy Workshop
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
 
Cloud Computing 101 Workshop Sample
Cloud Computing 101 Workshop SampleCloud Computing 101 Workshop Sample
Cloud Computing 101 Workshop Sample
 
Security challenges of cloud computing
Security challenges of cloud computingSecurity challenges of cloud computing
Security challenges of cloud computing
 
Data management services outsourcing – data mining, data entry and data proce...
Data management services outsourcing – data mining, data entry and data proce...Data management services outsourcing – data mining, data entry and data proce...
Data management services outsourcing – data mining, data entry and data proce...
 
Why Outsource Data Entry Services?
Why Outsource Data Entry Services?Why Outsource Data Entry Services?
Why Outsource Data Entry Services?
 
Growth curves
Growth curvesGrowth curves
Growth curves
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Mobile Cloud Computing Challenges and Security
Mobile Cloud Computing Challenges and SecurityMobile Cloud Computing Challenges and Security
Mobile Cloud Computing Challenges and Security
 
Cloud Computing Security Issues
Cloud Computing Security Issues Cloud Computing Security Issues
Cloud Computing Security Issues
 

Similar to Presentation cloud security the grand challenge

glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
Glenn Ambler
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Norm Barber
 
Automation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formattedAutomation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formatted
Matthew Moldvan
 
Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?
IBM Security
 
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
IBM Security
 
IBM in Surveillance: Solutions that Deliver Innovation
IBM in Surveillance: Solutions that Deliver InnovationIBM in Surveillance: Solutions that Deliver Innovation
IBM in Surveillance: Solutions that Deliver Innovation
Paula Koziol
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
IBM Security
 

Similar to Presentation cloud security the grand challenge (20)

Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud Security
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
 
BT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob RowlingsonBT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob Rowlingson
 
Security Considerations on Hybrid Cloud
Security Considerations on Hybrid CloudSecurity Considerations on Hybrid Cloud
Security Considerations on Hybrid Cloud
 
Security Building Blocks of the IBM Cloud Computing Reference Architecture
Security Building Blocks of the IBM Cloud Computing Reference ArchitectureSecurity Building Blocks of the IBM Cloud Computing Reference Architecture
Security Building Blocks of the IBM Cloud Computing Reference Architecture
 
Smarter Commerce Summit - IBM MobileFirst Services
Smarter Commerce Summit - IBM MobileFirst ServicesSmarter Commerce Summit - IBM MobileFirst Services
Smarter Commerce Summit - IBM MobileFirst Services
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
 
Automation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formattedAutomation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formatted
 
IBM Cloud Security Enforcer
IBM Cloud Security EnforcerIBM Cloud Security Enforcer
IBM Cloud Security Enforcer
 
Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?
 
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
 
IBM Security Portfolio - 2015
IBM Security Portfolio - 2015IBM Security Portfolio - 2015
IBM Security Portfolio - 2015
 
IBM in Surveillance: Solutions that Deliver Innovation
IBM in Surveillance: Solutions that Deliver InnovationIBM in Surveillance: Solutions that Deliver Innovation
IBM in Surveillance: Solutions that Deliver Innovation
 
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergIbm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
 
Mitigate attacks with IBM BigFix and Q-Radar
Mitigate attacks with IBM BigFix and Q-RadarMitigate attacks with IBM BigFix and Q-Radar
Mitigate attacks with IBM BigFix and Q-Radar
 
Cyber threats
Cyber threatsCyber threats
Cyber threats
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
 

More from xKinAnx

More from xKinAnx (20)

Engage for success ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2Engage for success ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep diveAccelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
 
Software defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudSoftware defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloud
 
Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 Ibm spectrum virtualize 101
Ibm spectrum virtualize 101
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
 
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
 
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
 
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
 
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
 
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
 
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
 
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
 
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
 
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
 
Presentation disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloudPresentation disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloud
 
Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...
 
Presentation differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...Presentation differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...
 
Presentation desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutPresentation desktops for the cloud the view rollout
Presentation desktops for the cloud the view rollout
 

Recently uploaded

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 

Recently uploaded (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 

Presentation cloud security the grand challenge

  • 1. © 2010 IBM Corporation CLOUD SECURITY: THE GRAND CHALLENGE Glen Gooding Asia Pacific Security Leader IBM Corporation ggooding@au1.ibm.com Government Ware: GovWare Singapore September 29, 2010
  • 2. © 2010 IBM Corporation Rest safe: Google saves the day
  • 3. © 2010 IBM Corporation Agenda Components of Cloud Market Basic Security Concepts – Today and tomorrow IBM’s vision of a Security Framework IBM Cloud Security Guidance Conceptual findings from Security Framework Government Authentication Cloud Example 3
  • 4. © 2010 IBM Corporation4 Workloads Most Considered for Cloud Delivery Top private workloads Database, application and infrastructure workloads emerge as most appropriate  Data mining, text mining, or other analytics  Security  Data warehouses or data marts  Business continuity and disaster recovery  Test environment infrastructure  Long-term data archiving/preservation  Transactional databases  Industry-specific applications  ERP applications Top public workloads Infrastructure and collaboration workloads emerge as most appropriate  Audio/video/Web conferencing  Service help desk  Infrastructure for training and demonstration  WAN capacity and VoIP infrastructure  Desktop  Test environment infrastructure  Storage  Data center network capacity  Server Source: IBM Market Insights, Cloud Computing Research, July 2009. n=1,090
  • 5. © 2010 IBM Corporation5 The Cloud Curtain The Cloud Curtain Curtain CLOUD MODEL APPLIES AT ALL LEVELS OF THE IT STACK – 5 Resulting in Different Security Requirements, Different Responsibilities
  • 6. © 2010 IBM Corporation WHAT IS CLOUD SECURITY? There is nothing new under the sun but there are lots of old things we don't know. Ambrose Bierce, The Devil's Dictionary Software as a Service Utility Computing Grid Computing Cloud Computing Confidentiality, Integrity, Availability of business-critical IT assets Stored or processed on a cloud computing platform 6
  • 7. © 2010 IBM Corporation CLOUD SECURITY: SIMPLE EXAMPLE ? We Have Control It’s located at X. It’s stored in server’s Y, Z. We have backups in place. Our admins control access. Our uptime is sufficient. The auditors are happy. Our security team is engaged. Who Has Control? Where is it located? Where is it stored? Who backs it up? Who has access? How resilient is it? How do auditors observe? How does our security team engage? ? ? ? ? ? Today’s Data Center Tomorrow’s Public Cloud CLOUD SECURITY: SIMPLE EXAMPLE 7
  • 8. © 2010 IBM Corporation Compliance Complying with regulations may prohibit the use of clouds for some applications. Reliability High availability will be a key concern. IT departments will worry about a loss of service should outages occur. Control Many companies and governments are uncomfortable with the idea of their information located on systems they do not control. Security Management Even the simplest of tasks may be behind layers of abstraction or performed by someone else. Data Migrating workloads to a shared network and compute infrastructure increases the potential for unauthorized exposure. Providers must offer a high degree of security transparency to help put customers at ease. Authentication and access technologies become increasingly important. Mission critical applications may not run in the cloud without strong availability guarantees. Comprehensive auditing capabilities are essential. Providers must supply easy controls to manage security settings for application and runtime environments. CATEGORIES OF CLOUD COMPUTING RISKS 8
  • 9. © 2010 IBM Corporation IBM SECURITY FRAMEWORK Built to meet four key requirements:  Provide Assurance  Enable Intelligence  Automate Process  Improve Resilience Introducing the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security; IBM RedGuide REDP-4528-00, July 2009 9
  • 10. © 2010 IBM Corporation IBM approach to security on a Smart Planet… Secure by Design Intelligence Standards Assurance Governance Enable trust and confidence in IT through software and system assurance Stay ahead of the threat by monitoring the attack landscape and anticipating new threats Enable security and privacy with an open, standards-based architectural approach Provide visibility, control and automation through CoBIT and ITIL-based service management  Open standards leadership in DMTF, IETF, OASIS, TCG, W3C, …  SOA & Web Services Security  IBM Security Blueprint  IBM Trusted Identity  Fine-grained Security  Trusted Virtual Data Center  UK/US ITA, IBM OCR, EU FP7 open research  IBM Service Management Platform – asset management, problem & incident management, change & release management, etc.  IBM Process Reference Model for IT (PRM-IT)  IBM Rational Unified Process  Patch management for virtual images  IBM Integrated Product Development Process  System z Integrity Statement  Trusted Foundry  IBM High Assurance Platform  Continuous Software Quality  IBM Secure Blue  IBM X-Force  IBM Managed Security Services  System S Event & Streaming System  High Performance Computing  Information Risk & Compliance  Smart Surveillance Foundational Controls PoweredbyIBMResearch 10
  • 11. © 2010 IBM Corporation TYPICAL CLIENT SECURITY REQUIREMENTS •Governance, Risk Management, •Compliance •3rd-party audit (SAS 70(2), ISO27001/2, PCI) •Client access to tenant-specific log and audit data •Effective incident reporting for tenants •Visibility into change, incident, image management, etc. •SLAs, option to transfer risk from tenant to provider •Support for forensics •Support for e-Discovery •Application and Process •Application security requirements for cloud are phrased in terms of image security •Compliance with secure development best practices •Physical •Monitoring and control of physical access • People and Identity • Privileged user monitoring, including logging activities, physical monitoring and background checking • Federated identity / onboarding: Coordinating authentication and authorization with enterprise or third party systems • Standards-based SSO • Data and Information • Data segregation • Client control over geographic location of data • Government: Cloud-wide data classification • Network, Server, Endpoint • Isolation between tenant domains • Trusted virtual domains: policy-based security zones • Built-in intrusion detection and prevention • Vulnerability Management • Protect machine images from corruption and abuse • Government: MILS-type separation Based on interviews with clients and various analyst reports 11
  • 12. © 2010 IBM Corporation  Based on cross-IBM research on cloud security  Highlights a series of best practice controls that should be implemented  Broken into 7 critical infrastructure components: – Building a Security Program – Confidential Data Protection – Implementing Strong Access and Identity – Application Provisioning and De-provisioning – Governance Audit Management – Vulnerability Management – Testing and Validation IBM CLOUD SECURITY GUIDANCE DOCUMENT 12
  • 13. © 2010 IBM Corporation Customers require visibility into the security posture of their cloud. Establish 3rd-party audits (ISO27001, PCI) Provide access to tenant-specific log and audit data Create effective incident reporting for tenants Visibility into change, incident, image management, etc. Understand applicable regional, national and international laws Support for forensics and e-Discovery Implement a governance and audit management program Security governance, risk management and complianceSecurity governance, risk management and compliance IBM Security Framework IBM Cloud Security Guidance Document 13
  • 14. © 2010 IBM Corporation Customers require proper authentication of cloud users. Privileged user monitoring, including logging activities, physical monitoring and background checking Utilize federated identity to coordinate authentication and authorization with enterprise or third party systems A standards-based, single sign-on capability Implement strong identity and access management IBM Security Framework IBM Cloud Security Guidance Document People and IdentityPeople and Identity 14
  • 15. © 2010 IBM Corporation Customers cite data protection as their most important concern within the cloud. Use a secure network protocol when connecting to a secure information store. Implement a firewall to isolate confidential information, and ensure that all confidential information is stored behind the firewall. Sensitive information not essential to the business should be securely destroyed. Ensure confidential data protection IBM Security Framework IBM Cloud Security Guidance Document Data and InformationData and Information 15
  • 16. © 2010 IBM Corporation Customers require secure cloud applications and provider processes. Implement a program for application and image provisioning. Develop all Web based applications using secure coding guidelines. Ensure external facing Web applications are black box tested A secure application testing program should be implemented. Ensure all changes to virtual images and applications are logged. Establish application and environment provisioning IBM Security Framework IBM Cloud Security Guidance Document Application and ProcessApplication and Process 16
  • 17. © 2010 IBM Corporation Customers expect a secure cloud operating environment. . Implement vulnerability scanning, anti-virus, intrusion detection and prevention on all appropriate images Ensure isolation exists between tenant domains Trusted virtual domains: policy-based security zones Ensure provisioning management is strictly controlled Protect machine images from corruption and abuse Ensure provisioned images apply appropriate access rights Ensure destruction of outdated images Maintain environment testing and vulnerability/intrusion management IBM Security Framework IBM Cloud Security Guidance Document Network, Server and End PointNetwork, Server and End Point 17
  • 18. © 2010 IBM Corporation Customers expect cloud data centers to be physically secure. . Ensure the facility has appropriate controls to monitor access. Prevent unauthorized entrance to critical areas within facilities e.g. servers, routers, storage, power supplies Biometric access of employees Ensure that all employees with direct access to systems have full background checks. Provide adequate protection against natural disasters. Implement a physical environment security plan IBM Security Framework IBM Cloud Security Guidance Document Physical SecurityPhysical Security 18
  • 19. © 2010 IBM Corporation Customers want to hear how IBM can deliver secure Government cloud solutions. . Enterprise wide Government security and compliance Database security compliance Virtualization and security implication IBM’s involvement in Government Cloud Solutions  A Real Use Case Areas of expertise IBM can deliver on IBM Security Framework IBM Cloud Security Guidance Document My thoughts on critical componentsMy thoughts on critical components 19
  • 20. © 2010 IBM Corporation  Integrated service lifecycle mgmt.  Expose resources “as- a-Service”.  Integrated Security infrastructure.  Rapid provisioning of IT resources, massive scaling.  Dynamic service mgmt.  Energy saving via auto workload distribution.  Rapid deployment of infrastructure and applications.  Request-driven service management.  Service Catalog.  Virtualization.  Better hardware utilization.  Improved IT agility.  Server Consolidation.  Streamline Operations – manage physical and virtual systems.  Lower power consumption. Cloud Computing Virtualization – First Step in Journey to Cloud Computing 20
  • 21. © 2010 IBM Corporation Resource sharing —————————— Single point of failure —————————— Loss of visibility MORE COMPONENTS = MORE EXPOSURE Traditional Threats Virtual server sprawl —————————— Dynamic state —————————— Dynamic relocation Stealth rootkits Management Vulnerabilities —————————— Secure storage of VMs and the management data —————————— Requires new skill sets —————————— Insider threat New threats to VM environments Traditional threats can attack VMs just like real systems Security Challenges with Virtualization: New Risks 21
  • 22. © 2010 IBM Corporation Server and Network Convergence 22
  • 23. © 2010 IBM Corporation Cloud compliance: Security Information and Event Management  Single, integrated product  Log Management Reporting  Unique ability to monitor user behavior  Enterprise compliance dashboard  Compliance management modules and regulation-specific reports  Broadest, most complete log and audit trail capture capability  W7 log normalization translates your logs into business terms  Easy ability to compare behavior to regulatory and company policies  Multi-tennancy support through scoping Key Features How to provide a single, integrated product that delivers insider threat, audit and compliance. 24
  • 24. © 2010 IBM Corporation Real-Time Database Security & Monitoring • Non-invasive • No DBMS changes • Minimal impact • Does not rely on traditional DBMS-resident logs that can easily be disabled by DBAs • Granular policies & monitoring • Who, what, when, how • Real-time alerting • Monitors all activities including local access by privileged users DB2DB2 SQL Server SQL Server 25
  • 25. © 2010 IBM Corporation Cloud based Authentication Hub Australian Federal Government 26
  • 26. © 2010 IBM CorporationIBM Insight Forum 09 ® In a browser, hit http://www.australia.gov.au 27
  • 27. © 2010 IBM CorporationIBM Insight Forum 09 ® Click Login to myaccount 28
  • 28. © 2010 IBM Corporation IBM Insight Forum 09 ® Provide your logon details 29
  • 29. © 2010 IBM CorporationIBM Insight Forum 09 ® 30
  • 30. © 2010 IBM CorporationIBM Insight Forum 09 ® Provide the correct answer to your previously registered secret question 31
  • 31. © 2010 IBM CorporationIBM Insight Forum 09 ® And have access to Centrelink and Medicare I am now authenticated 32
  • 32. © 2010 IBM CorporationIBM Insight Forum 09 ® Clicking on the Medicare link, takes me to Medicare’s site 33
  • 33. © 2010 IBM CorporationIBM Insight Forum 09 ® Return to myaccount page 34
  • 34. © 2010 IBM CorporationIBM Insight Forum 09 ® I have access to Centrelink and Medicare 35
  • 35. © 2010 IBM CorporationIBM Insight Forum 09 ® Clicking on the Centrelink link, takes me to Centrelink’s site Return to myaccount page 36
  • 36. © 2010 IBM CorporationIBM Insight Forum 09 ® 37
  • 37. © 2010 IBM Corporation SUMMARY • “Cloud” is a new consumption and delivery model inspired by consumer Internet services. • Security Remains the Top Concern for Cloud Adoption • One sized security doesn’t fit all • Take a structured approach to securing your cloud environment • Documented guidance is available for download to assist you in securing your cloud environment • IBM has a view from End to End when it addresses your security needs 38
  • 38. © 2010 IBM Corporation ONE voice for security. IBM SECURITYIBM SECURITY SOLUTIONSSOLUTIONS INNOVATIVE products and services. IBM SECURITYIBM SECURITY FRAMEWORKFRAMEWORK COMMITTED to the vision of a Secure Smarter Planet. SECURE BYSECURE BY DESIGNDESIGN Thank You. 39