Mitigation Strategy
Technologies & Tools
To cloud: Self-Service; Highly Virtualized; Location Independence; Workload Automation; Rapid Elasticity; Standardization
Multiple Logins, Onboarding Issues; Multi-tenancy, Data Separation; External Facing, Quick Provisioning; Virtualization, Network Isolation
Physical Infrastructure
Governance, Risk and Compliance
In a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning resources and applications increases - greatly affecting all aspects of IT security.
Copyright IBM Corp. 2004, 2010. All Rights Reserved.
Different cloud deployment models also change the way we think about security
Private cloud
On or off premises cloud infrastructure operated solely for an organization and managed by the organization or a third party
Hybrid IT
Traditional IT and clouds (public and/or private) that remain separate but are bound together by technology that enables data and application portability
Public cloud
Available to the general public or a large industry group and owned by an organization selling cloud services.
Provider Less No
customization of security controls visibility into day-to-day operations to access to logs and policies and data remain inside the firewall
customization of security controls to access to logs and policies and data are publicly exposed
Difficult
Applications
Applications
Less Control
Many companies and governments are uncomfortable with the idea of their information located on systems they do not control. Providers must offer a high degree of security transparency to help put customers at ease.
Reliability
High availability will be a key concern. IT departments will worry about a loss of service should outages occur. Mission critical applications may not run in the cloud without strong availability guarantees.
Data Security
Migrating workloads to a shared network and compute infrastructure increases the potential for unauthorized exposure. Authentication and access technologies become increasingly important.
Compliance
Complying with SOX, HIPAA and other regulations may prohibit the use of clouds for some applications. Comprehensive auditing capabilities are essential.
Security Management
Providers must supply easy controls to manage firewall and security settings for applications and runtime environments in the cloud.
Trust
Adoption patterns are emerging for successfully beginning and progressing cloud initiatives
Infrastructure as a Service (IaaS): Cut IT expense and complexity through cloud data centers
Platform-as-a-Service (PaaS): Accelerate time to market with cloud platform services
Innovate business models by becoming a cloud service provider
Software as a Service (SaaS): Gain immediate access with business solutions on cloud
Infrastructure and Identity: Manage datacenter identities; Secure virtual machines; Patch default images; Monitor logs on all resources; Network isolation
Applications and Data: Secure shared databases; Encrypt private information; Build secure applications; Keep an audit trail; Integrate existing security
Data and Compliance: Isolate cloud tenants; Policy and regulations; Manage security operations; Build compliant data centers; Offer backup and resiliency
Compliance and Governance: Harden exposed applications; Securely federate identity; Deploy access controls; Encrypt communications; Manage application policies
Security Intelligence: threat intelligence, user activity monitoring, real time insights
IBM has a broad portfolio of products and services to help satisfy our customers' most pressing security requirements
Different security controls are appropriate for different cloud needs - the challenge becomes one of integration, coexistence, and recognizing what solution is best for a given workload.
Our approach to delivering security aligns with each phase of a client's cloud project or initiative
Design
Establish a cloud strategy and implementation plan to get there.
IBM Cloud Security Approach
Deploy
Build cloud services, in the enterprise and/or as a cloud services provider.
Consume
Manage and optimize consumption of cloud services.
Secure by Design: Focus on building security into the fabric of the cloud.
Workload Driven: Secure cloud resources with innovative features and products. Application security; Virtualization security; Endpoint protection; Configuration and patch management
Service Enabled: Govern the cloud through ongoing security operations and workflow. Identity and access management; Secure cloud communications; Managed security services
Cloud security roadmap; Secure development; Network threat protection; Server security; Database security
[Diagram labels: Cloud Platform; Hypervisor; SW Catalog Config Binaries; Available Resource; Resource Pool]
Helping the client ensure their cloud services are secure and reliable.
Business challenge: Deploy applications to the cloud with confidence that they're secure, compliant, and meet regulatory requirements.
Key security requirements:
Identity and Access Control: securely connect users to the cloud
Virtualization Security: protection for the virtual infrastructure
Image and Patch Management: keep cloud resources up-to-date and compliant
Security for IBM Tivoli Service Automation: Tivoli Service Automation Manager; Virtual Server Protection for VMware; Tivoli Identity Manager; Tivoli Endpoint Manager
Secure usage of Public Cloud applications focusing on Audit, Access and Secure Connectivity
Securing the Private Cloud stack focusing on building security into the cloud infrastructure and its workloads
Delivering high-value services for cloud and traditional compute environments with little or no security device investment or maintenance
Cloud based
IBM & CSCC contributing to cloud security standards development to address barriers in cloud adoption
IBM Security Systems
Provide customer-led guidance to the multiple cloud standards-defining bodies
Establishing the criteria for open standards-based cloud computing
280+
CSCC Forms New Security Working Group - Feb. 2012
- Co-chaired by The Kroger Co. & Boeing
Develop high priority use cases for cloud security that reflect customer issues and pain points
Identify Regulatory Compliance Capabilities and Options through Security Architecture Standards
Identify Best-of-Breed Security Solutions for Customers of Cloud
Soliciting Membership:
50%
operate outside the IT realm
http://www.cloud-council.org
IBM continues to research, test and document more focused approaches to cloud security
IBM Research
Special research concentration in cloud security
IBM X-Force
Proactive counter intelligence and public education
Customer Councils
Real-world feedback from clients adopting cloud
Standards Participation
Client-focused open standards and interoperability
Thank You