SlideShare a Scribd company logo

Arhitectura de securitate_MCloud

E-Government Center Moldova
E-Government Center Moldova
1 of 14
Arhitectura de securitate M-Cloud Veaceslav Pușcașu, CISM
Beneficii Cloud Computing: • Costuri Reduse cu infrastructura IT; • Conservare Capital - Utilizati capitalul pentru activitatea de baza nu pentru investitii in infrastructura IT • Disponibil (ALWAYS ON / ON DEMAND) • Fara batai de cap cu infrastructura IT – se pastreaza focusul pe activitatea de baza; • Performanta si disponibilitate garantate cu SLA (Centre de Date specializate, Suport tehnic de top 24 x 7);
Intodeauna insă exista un DAR.....
Beneficiile nu reprezinta totul ...securitatea in Cloud este cruciala
De ce? • Tot mai mult ne confruntam cu grupuri organizate care dispun de resurse sofisticate cu scopul de a obtine beneficii financiare si nu numai…; • Odata cu virtualizarea, perimetrele nu mai sunt fizice iar datele nu mai sunt pastrate si protejate izolat din punct de vedere fizic; • Exista ingrijorarea ca un atacator cu acces autorizat in propriul perimetru poate dobandi acces neautorizat si control asupra intregii infrastructurii in conditiile unui mecanism de izolare non-fizic (“software only).
Back to the feature.... Securitate Traditionala Securitate in mediu virtualizat Complexa Simpla  Multiple politici  O singura politica, pe cloud  Roluri administrative suprapuse  Separarea rolurilor  Multiple solutii pe diferite  Reducerea complexitatii configurarii echipamente pe Firewall Slaba Puternica  Agenti separati in fiecare  Firewall la nivel de hypervisor server  Fara agenti  Politici multe, rigide, alocate  Zone adaptive de incredere si per server carantina Volum mare de lucru Automatizata  Dependenta de cauza si locatie  Integrata cu mediul virtualizat  Detectie manuala  Evaluare continua automata  Remediere manuala  Remediere automata, programabila Implementarile in mediul virtualizat sunt mult mai sigure si usor de intretinut
Arhitectura de securitate M-Cloud este necesară pentru INCREDERE = CONTROL + VIZIBILITATE pentru INFRASTRUCTURA | IDENTITATI | INFORMATII
Arhitectura de securitate M-Cloud se bazeaza pe principu “defence in depth” • Separation of duties • Segregation of Networks • Log Everything • Pass only what we can monitor • No single point of failure • Secure Development Lifecycle
Arhitectura de securitate M-Cloud definește cerinte minimine grupate pe 8 nivele : • Securitatea infrastructurii fizice • Securitatea infrastructurii de reţea • Securitatea infrastructurii virtuale • Controlul accesului şi securitatea datelor • Securitatea aplicaţiilor software • Monitorizarea şi testarea securităţii • Managementul operaţiunilor • Managementul riscurilor de securitate a informaţiei şi continuitatea afacerii
Si aceasta nu-i tot….. • Procesul de asigurare a securităţii platformei M-Cloud implică diferiţi actori : • furnizorul M-Cloud (CGE) • operatorul M-Cloud (CTS) • benificiarii platformei M-Cloud (APC și structurele subordonate) • fiecare actor are definite propriile responsabilităţi
Arhitectura de securitate este elaborată în conformitate cu reglamentările tehnice și cu cerinţele standardelor naţionale internaţionale: • Hotărârea Guvernului nr. 1123 din 14.12.2010 privind aprobarea cerinţelor faţă de asigurarea securităţii datelor cu caracter personal la prelucrarea acestora în cadrul sistemelor informaţionale de date cu caracter personal; • Reglamentare tehnică. Asigurarea securităţii informaţiei bazelor de date în procesul de prestare serviciilor publice electronic, anexa nr.1 la ordinul MTIC 106 din 20 decembrie 2010; • Reglamentare tehnică. Asigurarea securităţii informaţiei a infrastructurii informaţionale pentru autorităţile administraţiei publice, anexa nr.2 la ordinul MTIC 106 din 20 decembrie 2010; • SM SR ISO/IEC 27002:2006; • Payment Card Industry Data Security Standard.
Arhitectura de securitate M-Cloud a fost consulată • Experţi internaţionali în domeniul securităţii informaţiei și Cloud Computing : • Clay Lin, Chief Information Security Officer, - Banca Mondiala; • Marnix Dekker, security expert, - ENISA (European Network and Information Security Agency ); • Laurence Millar, Managing Director, GVG Ltd, New Zealand • Propunirele și sugestiile parvenite sunt incorporate in versiunea finala a documentului.
In concluzie • Securitatea Cloud – un subiect complicat care incă provoacă discuţii în randul experţilor; • Arhitectura de securitate M-Cloud este un prin pas spre ÎNCREDERE; • Next steps: • Implementarea arhitecturii de securitate; • Definirea și implementarea conceptului de securitate ca serviciu (SecaaS); • Elaborarea si implementarea a cadrului de asigurare a continuităţii platformei M-Cloud.
Va mulţumesc pentru atenţie!

Recommended

Catalin paunescu star_storage_cloud_security_2012_ro
Catalin paunescu star_storage_cloud_security_2012_roCatalin paunescu star_storage_cloud_security_2012_ro
Catalin paunescu star_storage_cloud_security_2012_ro
E-Government Center Moldova
 
Is21 cybersecurity
Is21 cybersecurityIs21 cybersecurity
Is21 cybersecurity
Crescendo
 
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
SAPinsider Events
 
Infowash presentacion
Infowash presentacionInfowash presentacion
Infowash presentacion
Washington Peres
 
Positive Fink House advisory results for 2016 1Q
Positive Fink House advisory results for 2016 1Q Positive Fink House advisory results for 2016 1Q
Positive Fink House advisory results for 2016 1Q
Gintautas Levisauskas
 
Gabriela Sales 5ano Dia Das MãEs
Gabriela Sales 5ano Dia Das MãEsGabriela Sales 5ano Dia Das MãEs
Gabriela Sales 5ano Dia Das MãEs
roseconrado
 
ACUMULACIÓN DE OBJETOS
ACUMULACIÓN DE OBJETOSACUMULACIÓN DE OBJETOS
ACUMULACIÓN DE OBJETOS
alfongraphic
 
Gender diversity power point (girls)
Gender diversity power point (girls)Gender diversity power point (girls)
Gender diversity power point (girls)
Midwest Information Plus
 

Recommended

Catalin paunescu star_storage_cloud_security_2012_ro
Catalin paunescu star_storage_cloud_security_2012_roCatalin paunescu star_storage_cloud_security_2012_ro
Catalin paunescu star_storage_cloud_security_2012_ro
E-Government Center Moldova
 
Is21 cybersecurity
Is21 cybersecurityIs21 cybersecurity
Is21 cybersecurity
Crescendo
 
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
SAPinsider Events
 
Infowash presentacion
Infowash presentacionInfowash presentacion
Infowash presentacion
Washington Peres
 
Positive Fink House advisory results for 2016 1Q
Positive Fink House advisory results for 2016 1Q Positive Fink House advisory results for 2016 1Q
Positive Fink House advisory results for 2016 1Q
Gintautas Levisauskas
 
Gabriela Sales 5ano Dia Das MãEs
Gabriela Sales 5ano Dia Das MãEsGabriela Sales 5ano Dia Das MãEs
Gabriela Sales 5ano Dia Das MãEs
roseconrado
 
ACUMULACIÓN DE OBJETOS
ACUMULACIÓN DE OBJETOSACUMULACIÓN DE OBJETOS
ACUMULACIÓN DE OBJETOS
alfongraphic
 
Gender diversity power point (girls)
Gender diversity power point (girls)Gender diversity power point (girls)
Gender diversity power point (girls)
Midwest Information Plus
 
Skinside White Paper Oct 2015
Skinside White Paper Oct 2015Skinside White Paper Oct 2015
Skinside White Paper Oct 2015
Nick Berner
 
Ramowy program cyklu warsztatowego synapsy
Ramowy program cyklu warsztatowego synapsyRamowy program cyklu warsztatowego synapsy
Ramowy program cyklu warsztatowego synapsy
Małopolski Instytut Kultury
 
Join our Vendor Network-Railrestro
Join our Vendor Network-RailrestroJoin our Vendor Network-Railrestro
Join our Vendor Network-Railrestro
Railrestro
 
Servicio al cliente. Actitud frente al servicio
Servicio al cliente. Actitud frente al servicioServicio al cliente. Actitud frente al servicio
Servicio al cliente. Actitud frente al servicio
ComoServirConExcelencia.com
 
Excel Bilinmeyenler, Kısayollar
Excel Bilinmeyenler, KısayollarExcel Bilinmeyenler, Kısayollar
Excel Bilinmeyenler, Kısayollar
Ömer BAĞCI
 
Kitchen equipments
Kitchen equipmentsKitchen equipments
Kitchen equipments
N SENTHIL KUMAR
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties Solutions
Ahmed Abdul Hamed
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
CA CISA Jayjit Biswas
 
OB - Contributing Disciplines to the OB Field
OB - Contributing Disciplines to the OB FieldOB - Contributing Disciplines to the OB Field
OB - Contributing Disciplines to the OB Field
Aditya Mahagaonkar
 
Unit-1 Lecture-2 - Light Weight Construction Materials by Brig. S.K. Sharma
Unit-1 Lecture-2 - Light Weight Construction Materials by Brig. S.K. SharmaUnit-1 Lecture-2 - Light Weight Construction Materials by Brig. S.K. Sharma
Unit-1 Lecture-2 - Light Weight Construction Materials by Brig. S.K. Sharma
THE NORTHCAP UNIVERSITY
 
Segregation of Duties and Continuous Delivery
Segregation of Duties and Continuous DeliverySegregation of Duties and Continuous Delivery
Segregation of Duties and Continuous Delivery
Sriram Narayanan
 
Valeriu plamandeala platforma_tehnologica_comuna1
Valeriu plamandeala platforma_tehnologica_comuna1Valeriu plamandeala platforma_tehnologica_comuna1
Valeriu plamandeala platforma_tehnologica_comuna1
E-Government Center Moldova
 
Dragos Dinca - 26oct2011
Dragos Dinca - 26oct2011Dragos Dinca - 26oct2011
Dragos Dinca - 26oct2011
Agora Group
 
Softline - 10martie2011
Softline - 10martie2011Softline - 10martie2011
Softline - 10martie2011
Agora Group
 
MCloud operational framework
MCloud operational frameworkMCloud operational framework
MCloud operational framework
E-Government Center Moldova
 
IT Security by provision security distribution
IT Security by provision security distributionIT Security by provision security distribution
IT Security by provision security distribution
Julian Medeleanu MBA
 
Prezentare
PrezentarePrezentare
Prezentare
cerlarisa
 
Virtualizarea mediului de lucru-24martie2010
Virtualizarea mediului de lucru-24martie2010Virtualizarea mediului de lucru-24martie2010
Virtualizarea mediului de lucru-24martie2010
Agora Group
 
Cloud computing caracteristici si modele v greavu
Cloud computing caracteristici si modele v greavuCloud computing caracteristici si modele v greavu
Cloud computing caracteristici si modele v greavu
MalairauValeria
 
Kaspersky 1iun2011
Kaspersky 1iun2011Kaspersky 1iun2011
Kaspersky 1iun2011
Agora Group
 
Outsourcing
OutsourcingOutsourcing
Outsourcing
lauravintila
 
Class IT - 9febr2012
Class IT - 9febr2012Class IT - 9febr2012
Class IT - 9febr2012
Agora Group
 

More Related Content

Viewers also liked

Skinside White Paper Oct 2015
Skinside White Paper Oct 2015Skinside White Paper Oct 2015
Skinside White Paper Oct 2015
Nick Berner
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties Solutions
Ahmed Abdul Hamed
 

Viewers also liked (11)

Skinside White Paper Oct 2015
Skinside White Paper Oct 2015Skinside White Paper Oct 2015
Skinside White Paper Oct 2015
 
Ramowy program cyklu warsztatowego synapsy
Ramowy program cyklu warsztatowego synapsyRamowy program cyklu warsztatowego synapsy
Ramowy program cyklu warsztatowego synapsy
 
Join our Vendor Network-Railrestro
Join our Vendor Network-RailrestroJoin our Vendor Network-Railrestro
Join our Vendor Network-Railrestro
 
Servicio al cliente. Actitud frente al servicio
Servicio al cliente. Actitud frente al servicioServicio al cliente. Actitud frente al servicio
Servicio al cliente. Actitud frente al servicio
 
Excel Bilinmeyenler, Kısayollar
Excel Bilinmeyenler, KısayollarExcel Bilinmeyenler, Kısayollar
Excel Bilinmeyenler, Kısayollar
 
Kitchen equipments
Kitchen equipmentsKitchen equipments
Kitchen equipments
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties Solutions
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
 
OB - Contributing Disciplines to the OB Field
OB - Contributing Disciplines to the OB FieldOB - Contributing Disciplines to the OB Field
OB - Contributing Disciplines to the OB Field
 
Unit-1 Lecture-2 - Light Weight Construction Materials by Brig. S.K. Sharma
Unit-1 Lecture-2 - Light Weight Construction Materials by Brig. S.K. SharmaUnit-1 Lecture-2 - Light Weight Construction Materials by Brig. S.K. Sharma
Unit-1 Lecture-2 - Light Weight Construction Materials by Brig. S.K. Sharma
 
Segregation of Duties and Continuous Delivery
Segregation of Duties and Continuous DeliverySegregation of Duties and Continuous Delivery
Segregation of Duties and Continuous Delivery
 

Similar to Arhitectura de securitate_MCloud

Valeriu plamandeala platforma_tehnologica_comuna1
Valeriu plamandeala platforma_tehnologica_comuna1Valeriu plamandeala platforma_tehnologica_comuna1
Valeriu plamandeala platforma_tehnologica_comuna1
E-Government Center Moldova
 
Dragos Dinca - 26oct2011
Dragos Dinca - 26oct2011Dragos Dinca - 26oct2011
Dragos Dinca - 26oct2011
Agora Group
 
Softline - 10martie2011
Softline - 10martie2011Softline - 10martie2011
Softline - 10martie2011
Agora Group
 
IT Security by provision security distribution
IT Security by provision security distributionIT Security by provision security distribution
IT Security by provision security distribution
Julian Medeleanu MBA
 
Kaspersky 1iun2011
Kaspersky 1iun2011Kaspersky 1iun2011
Kaspersky 1iun2011
Agora Group
 
Class IT - 9febr2012
Class IT - 9febr2012Class IT - 9febr2012
Class IT - 9febr2012
Agora Group
 
Dell - 21 aprilie 2011
Dell - 21 aprilie 2011Dell - 21 aprilie 2011
Dell - 21 aprilie 2011
Agora Group
 
Vincentiu Cuc - Platforma IT IMI
Vincentiu Cuc - Platforma IT IMIVincentiu Cuc - Platforma IT IMI
Vincentiu Cuc - Platforma IT IMI
IMI PQ NET Romania
 
Cosmin Tataru - Ce e nou in Windows 8.1 pentru ITPros
Cosmin Tataru - Ce e nou in Windows 8.1 pentru ITProsCosmin Tataru - Ce e nou in Windows 8.1 pentru ITPros
Cosmin Tataru - Ce e nou in Windows 8.1 pentru ITPros
ITSpark Community
 

Similar to Arhitectura de securitate_MCloud (20)

Valeriu plamandeala platforma_tehnologica_comuna1
Valeriu plamandeala platforma_tehnologica_comuna1Valeriu plamandeala platforma_tehnologica_comuna1
Valeriu plamandeala platforma_tehnologica_comuna1
 
Dragos Dinca - 26oct2011
Dragos Dinca - 26oct2011Dragos Dinca - 26oct2011
Dragos Dinca - 26oct2011
 
Softline - 10martie2011
Softline - 10martie2011Softline - 10martie2011
Softline - 10martie2011
 
MCloud operational framework
MCloud operational frameworkMCloud operational framework
MCloud operational framework
 
IT Security by provision security distribution
IT Security by provision security distributionIT Security by provision security distribution
IT Security by provision security distribution
 
Prezentare
PrezentarePrezentare
Prezentare
 
Virtualizarea mediului de lucru-24martie2010
Virtualizarea mediului de lucru-24martie2010Virtualizarea mediului de lucru-24martie2010
Virtualizarea mediului de lucru-24martie2010
 
Cloud computing caracteristici si modele v greavu
Cloud computing caracteristici si modele v greavuCloud computing caracteristici si modele v greavu
Cloud computing caracteristici si modele v greavu
 
Kaspersky 1iun2011
Kaspersky 1iun2011Kaspersky 1iun2011
Kaspersky 1iun2011
 
Outsourcing
OutsourcingOutsourcing
Outsourcing
 
Class IT - 9febr2012
Class IT - 9febr2012Class IT - 9febr2012
Class IT - 9febr2012
 
Widata flyer ro
Widata flyer roWidata flyer ro
Widata flyer ro
 
Cloud Computing -everything you want to know
Cloud Computing -everything you want to knowCloud Computing -everything you want to know
Cloud Computing -everything you want to know
 
Dell - 21 aprilie 2011
Dell - 21 aprilie 2011Dell - 21 aprilie 2011
Dell - 21 aprilie 2011
 
Vincentiu Cuc - Platforma IT IMI
Vincentiu Cuc - Platforma IT IMIVincentiu Cuc - Platforma IT IMI
Vincentiu Cuc - Platforma IT IMI
 
Proiect info
Proiect info Proiect info
Proiect info
 
CLOUD COMPUTING
CLOUD COMPUTINGCLOUD COMPUTING
CLOUD COMPUTING
 
Cosmin Tataru - Ce e nou in Windows 8.1 pentru ITPros
Cosmin Tataru - Ce e nou in Windows 8.1 pentru ITProsCosmin Tataru - Ce e nou in Windows 8.1 pentru ITPros
Cosmin Tataru - Ce e nou in Windows 8.1 pentru ITPros
 
Windows7 Security
Windows7 SecurityWindows7 Security
Windows7 Security
 
Genesys4s - 27oct2010
Genesys4s - 27oct2010Genesys4s - 27oct2010
Genesys4s - 27oct2010
 

More from E-Government Center Moldova

The nexus of Social, Mobile, Cloud and Big Data Analytics
The nexus of Social, Mobile, Cloud and Big Data AnalyticsThe nexus of Social, Mobile, Cloud and Big Data Analytics
The nexus of Social, Mobile, Cloud and Big Data Analytics
E-Government Center Moldova
 
Prezentare compartiment securitatea 05 03 2013 p sincariuc
Prezentare compartiment securitatea 05 03 2013 p sincariucPrezentare compartiment securitatea 05 03 2013 p sincariuc
Prezentare compartiment securitatea 05 03 2013 p sincariuc
E-Government Center Moldova
 
Can e government work in the cloud reichstaedter
Can e government work in the cloud reichstaedterCan e government work in the cloud reichstaedter
Can e government work in the cloud reichstaedter
E-Government Center Moldova
 
Driving government efficiency and innovation through cloud computing k...
Driving government efficiency and innovation through cloud computing k...Driving government efficiency and innovation through cloud computing k...
Driving government efficiency and innovation through cloud computing k...
E-Government Center Moldova
 
Unleashing the potential of cloud computing in europe francisco garcia moran
Unleashing the potential of cloud computing in europe francisco garcia moranUnleashing the potential of cloud computing in europe francisco garcia moran
Unleashing the potential of cloud computing in europe francisco garcia moran
E-Government Center Moldova
 
Government innovation through cloud computing arthur riel
Government innovation through cloud computing arthur rielGovernment innovation through cloud computing arthur riel
Government innovation through cloud computing arthur riel
E-Government Center Moldova
 

More from E-Government Center Moldova (20)

The new era of smart
The new era of smart The new era of smart
The new era of smart
 
The nexus of Social, Mobile, Cloud and Big Data Analytics
The nexus of Social, Mobile, Cloud and Big Data AnalyticsThe nexus of Social, Mobile, Cloud and Big Data Analytics
The nexus of Social, Mobile, Cloud and Big Data Analytics
 
Digital Transformation by Richard Baird
Digital Transformation by Richard BairdDigital Transformation by Richard Baird
Digital Transformation by Richard Baird
 
Mpay&Mcloud
Mpay&McloudMpay&Mcloud
Mpay&Mcloud
 
Presentation cert gov-md 05.03.2013
Presentation cert gov-md 05.03.2013Presentation cert gov-md 05.03.2013
Presentation cert gov-md 05.03.2013
 
Hannes astok data protection agency
Hannes astok data protection agencyHannes astok data protection agency
Hannes astok data protection agency
 
Prezentare compartiment securitatea 05 03 2013 p sincariuc
Prezentare compartiment securitatea 05 03 2013 p sincariucPrezentare compartiment securitatea 05 03 2013 p sincariuc
Prezentare compartiment securitatea 05 03 2013 p sincariuc
 
Hannes astok policy development
Hannes astok policy developmentHannes astok policy development
Hannes astok policy development
 
Digital security hannes astok
Digital security hannes astokDigital security hannes astok
Digital security hannes astok
 
Assessing cybersecurity_Anto Veldre
Assessing cybersecurity_Anto VeldreAssessing cybersecurity_Anto Veldre
Assessing cybersecurity_Anto Veldre
 
Ibm smart cloud solutions m-cloud
Ibm smart cloud solutions m-cloudIbm smart cloud solutions m-cloud
Ibm smart cloud solutions m-cloud
 
Ibm security virtual server protection
Ibm security virtual server protectionIbm security virtual server protection
Ibm security virtual server protection
 
Can e government work in the cloud reichstaedter
Can e government work in the cloud reichstaedterCan e government work in the cloud reichstaedter
Can e government work in the cloud reichstaedter
 
Driving government efficiency and innovation through cloud computing k...
Driving government efficiency and innovation through cloud computing k...Driving government efficiency and innovation through cloud computing k...
Driving government efficiency and innovation through cloud computing k...
 
Star storage m cloud week
Star storage m cloud weekStar storage m cloud week
Star storage m cloud week
 
Unleashing the potential of cloud computing in europe francisco garcia moran
Unleashing the potential of cloud computing in europe francisco garcia moranUnleashing the potential of cloud computing in europe francisco garcia moran
Unleashing the potential of cloud computing in europe francisco garcia moran
 
Government innovation through cloud computing arthur riel
Government innovation through cloud computing arthur rielGovernment innovation through cloud computing arthur riel
Government innovation through cloud computing arthur riel
 
4 francisco garcia_moran_moldova_2013
4 francisco garcia_moran_moldova_20134 francisco garcia_moran_moldova_2013
4 francisco garcia_moran_moldova_2013
 
3 platforma tehnologica_m-cloud
3 platforma tehnologica_m-cloud3 platforma tehnologica_m-cloud
3 platforma tehnologica_m-cloud
 
2 m cloud-iurie turcanu
2 m cloud-iurie turcanu2 m cloud-iurie turcanu
2 m cloud-iurie turcanu
 

Arhitectura de securitate_MCloud

  • 1. Arhitectura de securitate M-Cloud Veaceslav Pușcașu, CISM
  • 2. Beneficii Cloud Computing: • Costuri Reduse cu infrastructura IT; • Conservare Capital - Utilizati capitalul pentru activitatea de baza nu pentru investitii in infrastructura IT • Disponibil (ALWAYS ON / ON DEMAND) • Fara batai de cap cu infrastructura IT – se pastreaza focusul pe activitatea de baza; • Performanta si disponibilitate garantate cu SLA (Centre de Date specializate, Suport tehnic de top 24 x 7);
  • 4. Beneficiile nu reprezinta totul ...securitatea in Cloud este cruciala
  • 5. De ce? • Tot mai mult ne confruntam cu grupuri organizate care dispun de resurse sofisticate cu scopul de a obtine beneficii financiare si nu numai…; • Odata cu virtualizarea, perimetrele nu mai sunt fizice iar datele nu mai sunt pastrate si protejate izolat din punct de vedere fizic; • Exista ingrijorarea ca un atacator cu acces autorizat in propriul perimetru poate dobandi acces neautorizat si control asupra intregii infrastructurii in conditiile unui mecanism de izolare non-fizic (“software only).
  • 6. Back to the feature.... Securitate Traditionala Securitate in mediu virtualizat Complexa Simpla  Multiple politici  O singura politica, pe cloud  Roluri administrative suprapuse  Separarea rolurilor  Multiple solutii pe diferite  Reducerea complexitatii configurarii echipamente pe Firewall Slaba Puternica  Agenti separati in fiecare  Firewall la nivel de hypervisor server  Fara agenti  Politici multe, rigide, alocate  Zone adaptive de incredere si per server carantina Volum mare de lucru Automatizata  Dependenta de cauza si locatie  Integrata cu mediul virtualizat  Detectie manuala  Evaluare continua automata  Remediere manuala  Remediere automata, programabila Implementarile in mediul virtualizat sunt mult mai sigure si usor de intretinut
  • 7. Arhitectura de securitate M-Cloud este necesară pentru INCREDERE = CONTROL + VIZIBILITATE pentru INFRASTRUCTURA | IDENTITATI | INFORMATII
  • 8. Arhitectura de securitate M-Cloud se bazeaza pe principu “defence in depth” • Separation of duties • Segregation of Networks • Log Everything • Pass only what we can monitor • No single point of failure • Secure Development Lifecycle
  • 9. Arhitectura de securitate M-Cloud definește cerinte minimine grupate pe 8 nivele : • Securitatea infrastructurii fizice • Securitatea infrastructurii de reţea • Securitatea infrastructurii virtuale • Controlul accesului şi securitatea datelor • Securitatea aplicaţiilor software • Monitorizarea şi testarea securităţii • Managementul operaţiunilor • Managementul riscurilor de securitate a informaţiei şi continuitatea afacerii
  • 10. Si aceasta nu-i tot….. • Procesul de asigurare a securităţii platformei M-Cloud implică diferiţi actori : • furnizorul M-Cloud (CGE) • operatorul M-Cloud (CTS) • benificiarii platformei M-Cloud (APC și structurele subordonate) • fiecare actor are definite propriile responsabilităţi
  • 11. Arhitectura de securitate este elaborată în conformitate cu reglamentările tehnice și cu cerinţele standardelor naţionale internaţionale: • Hotărârea Guvernului nr. 1123 din 14.12.2010 privind aprobarea cerinţelor faţă de asigurarea securităţii datelor cu caracter personal la prelucrarea acestora în cadrul sistemelor informaţionale de date cu caracter personal; • Reglamentare tehnică. Asigurarea securităţii informaţiei bazelor de date în procesul de prestare serviciilor publice electronic, anexa nr.1 la ordinul MTIC 106 din 20 decembrie 2010; • Reglamentare tehnică. Asigurarea securităţii informaţiei a infrastructurii informaţionale pentru autorităţile administraţiei publice, anexa nr.2 la ordinul MTIC 106 din 20 decembrie 2010; • SM SR ISO/IEC 27002:2006; • Payment Card Industry Data Security Standard.
  • 12. Arhitectura de securitate M-Cloud a fost consulată • Experţi internaţionali în domeniul securităţii informaţiei și Cloud Computing : • Clay Lin, Chief Information Security Officer, - Banca Mondiala; • Marnix Dekker, security expert, - ENISA (European Network and Information Security Agency ); • Laurence Millar, Managing Director, GVG Ltd, New Zealand • Propunirele și sugestiile parvenite sunt incorporate in versiunea finala a documentului.
  • 13. In concluzie • Securitatea Cloud – un subiect complicat care incă provoacă discuţii în randul experţilor; • Arhitectura de securitate M-Cloud este un prin pas spre ÎNCREDERE; • Next steps: • Implementarea arhitecturii de securitate; • Definirea și implementarea conceptului de securitate ca serviciu (SecaaS); • Elaborarea si implementarea a cadrului de asigurare a continuităţii platformei M-Cloud.
  • 14. Va mulţumesc pentru atenţie!