OTN Architect Day Security Breakout Session
Dave Chappelle
24 October 2011

Rationalization and Defense in Depth - Two Steps Closer to the Clouds

OTN Architect Day 2011
Perimeter Security

[Diagram: Client in the Unprotected Zone -> Firewall -> DMZ with Web Server (app Proxy) -> Firewall -> Protected Zone(s) with Application Server, Message Queue, Mainframe Application and their DBs. First firewall: all network traffic blocked except for specific ports. Second firewall: all network traffic blocked except from the proxy.]

  • Can establish multiple perimeters
  • Each perimeter can be more restrictive
  • Perimeters can be at varying degrees of granularity

  • Alone, often involves a lot of implied trust
  • Modern environments don’t have such a clearly defined perimeter

Defense in Depth

[Image: "Krak des Chevaliers", Syria]

  • Military defensive strategy to secure a position using multiple defense mechanisms.
  • Less emphasis is placed on a single perimeter wall
  • Several barriers and different types of fortifications
  • Objective is to win the battle by attrition. The attacker may overcome some barriers but can’t sustain the attack for such a long period of time.

Several Layers of Defense

[Diagram: concentric layers, outermost to innermost]
  Policies, Procedures, & Awareness
  Physical
  Perimeter
  Internal Network
  Host
  Application
  Data

Each layer introduces additional security measures. Each layer can contain multiple levels of control.

Defense in Depth: Greater Control

Many enforcement points:
  Data
  Application / Service
  Host
  Internal Network
  Perimeter
  Physical
  Policies & Procedures

Consistent set of policies & procedures across all of them.

Security Silos

[Diagram: End User, Security Administrator and Security Auditor each face the Support, Finance and Sales applications separately; each application is its own silo.]

  • Application silos with their own standalone security architecture
  • Integration is hard enough without security
  • End users have many logins & passwords
  • Administration is time-consuming and error-prone
  • Auditing is inaccurate and/or impossible

Security Framework

[Diagram: End User, Security Administrator and Security Auditor reach the Support, Finance and Sales applications through one shared Security Framework.]

  • Security is part of the foundation, not an inconvenient afterthought
  • Users have one identity and a set of roles & attributes that govern access
  • Administration operator-centric, not system-centric
  • Auditing is possible and realistic

Security Framework High Level Architecture

[Diagram: Business Logic (Information Processing) and Information Management sit on Security Interfaces, which front the Shared Security Services, Enterprise Security Information, and Security Management & Administration that make up the Enterprise Security Framework. Design & Development and Administration span all layers.]

Information Processing:
  • Provides a secure run-time environment
  • Offer security services to business logic
  • Allow solution-level security admin

Information Management:
  • Provides confidentiality, integrity, and availability for information management
  • Allow db-level security administration

Security Framework:
  • Provides shared security services
  • Manage security data for the enterprise
  • Allow enterprise-level security admin

Security Interfaces:
  • Provide consistent access to security services
  • Embrace open, common industry standards

Container-Based Computing Platform

[Diagram: Client -> Inbound Requests -> Container holding the Protected Resources (Web Pages, Business Logic) -> Standard Security APIs & Libraries -> Platform Security Plug-in Framework -> Security Providers -> Security Services: Authentication, Authorization, Credential Mapping, Role Mapping, Auditing, Encryption, …]

  • Container enforces security on behalf of the protected resources
  • Access to security services via standard APIs & libraries
  • Plug-in framework allows one to configure multiple providers for each security service
  • Providers may be selected and configured based on the needs of the solution
  • Providers can be included with the platform or custom written for a specific purpose
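The plug-in model on this slide, as an added example that is not part of the original deck and not the code of any Oracle product: a small Python container that keeps one provider list per security service, authenticates an inbound request with whichever provider recognises the credential, maps roles, checks every authorization provider (failing closed when none is configured or a path has no policy), records an audit event, and only then invokes the protected resource. The provider classes, the Request shape, and the account, token, role and policy values are all constructed for the example.

```python
"""Added example, not from the slides: a toy container that enforces security on
behalf of protected resources through pluggable providers. Every provider class,
the Request shape and the sample accounts, tokens, roles and policies are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set


@dataclass(frozen=True)
class Request:
    path: str                  # protected resource being asked for
    credential: Optional[str]  # constructed: "user:password", an opaque token, or None


class PlatformPasswordProvider:
    """Authentication provider 'included with the platform': checks user:password pairs."""
    def __init__(self, accounts: Dict[str, str]):
        self.accounts = accounts

    def authenticate(self, credential: Optional[str]) -> Optional[str]:
        if not credential or ":" not in credential:
            return None
        user, password = credential.split(":", 1)
        return user if self.accounts.get(user) == password else None


class CustomTokenProvider:
    """Authentication provider 'custom written for a specific purpose': opaque token -> user."""
    def __init__(self, tokens: Dict[str, str]):
        self.tokens = tokens

    def authenticate(self, credential: Optional[str]) -> Optional[str]:
        return self.tokens.get(credential) if credential else None


class RoleMappingProvider:
    def __init__(self, roles: Dict[str, Set[str]]):
        self.roles = roles

    def roles_for(self, principal: str) -> Set[str]:
        return set(self.roles.get(principal, ()))


class AuthorizationProvider:
    """Path -> roles that may reach it. A path without a policy is denied (fail closed)."""
    def __init__(self, policy: Dict[str, Set[str]]):
        self.policy = policy

    def is_permitted(self, path: str, roles: Set[str]) -> bool:
        required = self.policy.get(path)
        return required is not None and bool(required & roles)


class AuditProvider:
    def __init__(self):
        self.events: List[dict] = []

    def record(self, event: dict) -> None:
        self.events.append(event)


class Container:
    """Resources never see credentials: the container consults the providers plugged
    into each service and invokes the resource handler only after they all agree."""
    SERVICES = ("authentication", "role_mapping", "authorization", "auditing")

    def __init__(self):
        self.providers: Dict[str, list] = {s: [] for s in self.SERVICES}
        self.resources: Dict[str, Callable[[str], str]] = {}

    def plug_in(self, service: str, provider) -> None:
        self.providers[service].append(provider)

    def protect(self, path: str, handler: Callable[[str], str]) -> None:
        self.resources[path] = handler

    def _audit(self, outcome: str, req: Request, principal: Optional[str], why: str) -> None:
        for p in self.providers["auditing"]:
            p.record({"outcome": outcome, "path": req.path, "principal": principal, "why": why})

    def handle(self, req: Request):
        principal = None  # first authentication provider that recognises the credential wins
        for p in self.providers["authentication"]:
            principal = p.authenticate(req.credential)
            if principal:
                break
        if principal is None:
            self._audit("DENY", req, None, "authentication failed")
            return 401, None
        roles: Set[str] = set()  # union of what every role-mapping provider knows
        for p in self.providers["role_mapping"]:
            roles |= p.roles_for(principal)
        authz = self.providers["authorization"]  # all must permit; none configured means deny
        if not authz or not all(p.is_permitted(req.path, roles) for p in authz):
            self._audit("DENY", req, principal, "not authorized")
            return 403, None
        handler = self.resources.get(req.path)
        if handler is None:
            self._audit("DENY", req, principal, "no such resource")
            return 404, None
        self._audit("ALLOW", req, principal, "")
        return 200, handler(principal)


def build_demo_container() -> Container:
    """Wire two authentication providers, a role mapper, one policy and one auditor."""
    c = Container()
    c.plug_in("authentication", PlatformPasswordProvider({"alice": "s3cret"}))  # constructed
    c.plug_in("authentication", CustomTokenProvider({"tok-bob-1": "bob"}))      # constructed
    c.plug_in("role_mapping", RoleMappingProvider({"alice": {"support_agent"}, "bob": {"finance_user"}}))
    c.plug_in("authorization", AuthorizationProvider({"/support/tickets": {"support_agent"},
                                                      "/finance/ledger": {"finance_user", "auditor"}}))
    c.plug_in("auditing", AuditProvider())
    c.protect("/support/tickets", lambda who: f"tickets visible to {who}")
    c.protect("/finance/ledger", lambda who: f"ledger visible to {who}")
    return c
```

The point to notice is that swapping or adding a provider (a second authentication source, a stricter authorization policy) touches only `build_demo_container`, never the resource handlers, which is what "container enforces security on behalf of the protected resources" buys you; the audit trail also comes from the container, so it cannot be skipped by a resource that forgets to log.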




Database Platform Security

[Diagram: Information (Transactional, Historical, Unstructured, Audit, Security) -> Information Management -> Security Services, with Design & Administration alongside.]

Administrative:
  • Access Control
  • SoD Rules & Controls
  • Realms
  • Auditing

Access Control:
  • Multi-Factor AuthN
  • Label Security
  • Table Policies
  • Connection Id

Encryption & Masking:
  • Network
  • Persistence
  • Backup
  • Dev & Test Masking

Auditing & Availability:
  • Central collection & control
  • Local online archive

Firewall:
  • SQL inspection & rejection
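The "SQL inspection & rejection" item, as an added example that is not from the deck and is not Oracle's database firewall: a learned-profile firewall in Python. During a learning phase it records the shape of every statement the application issues (literals masked, whitespace and case normalised); afterwards it allows a statement only if its shape is in that profile, and it rejects any request that carries more than one statement. The profile statements and the inputs inspected are constructed for the example.

```python
"""Added example, not from the slides: a learned-profile SQL firewall that allows only
statement shapes seen during a learning phase. Profile and inputs are constructed."""
import re
from dataclasses import dataclass
from typing import Iterable, Set

_COMMENT = re.compile(r"--[^\n]*|/\*.*?\*/", re.S)
_STRING = re.compile(r"'(?:[^']|'')*'")   # single-quoted literal; '' is an escaped quote
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")
_WS = re.compile(r"\s+")
_PUNCT = re.compile(r"\s*([,()=<>])\s*")


def strip_literals(sql: str) -> str:
    """Drop comments and replace every literal with '?' so only the statement shape remains."""
    s = _COMMENT.sub(" ", sql)
    s = _STRING.sub("?", s)
    return _NUMBER.sub("?", s)


def fingerprint(sql: str) -> str:
    """Canonical shape of one statement: literals masked, spacing and case normalised."""
    s = _WS.sub(" ", strip_literals(sql)).strip().rstrip(";").strip()
    return _PUNCT.sub(r"\1", s).lower()


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    fingerprint: str


class SqlFirewall:
    def __init__(self):
        self.profile: Set[str] = set()

    def learn(self, statements: Iterable[str]) -> None:
        """Learning phase: remember the shape of each statement the application issues."""
        for s in statements:
            self.profile.add(fingerprint(s))

    def inspect(self, sql: str) -> Decision:
        """Enforcement phase: reject batches and anything outside the learned profile."""
        body = strip_literals(sql).strip().rstrip(";")
        fp = fingerprint(sql)
        if ";" in body:  # a second statement after the first is never part of the profile
            return Decision(False, "multiple statements in one request", fp)
        if fp not in self.profile:
            return Decision(False, "statement shape not in learned profile", fp)
        return Decision(True, "matches learned profile", fp)


# Constructed: what the application issued while the firewall was learning.
APPLICATION_PROFILE = [
    "SELECT id, name FROM customers WHERE id = 42",
    "SELECT id, name FROM customers WHERE region = 'EMEA' AND active = 1",
    "UPDATE customers SET name = 'Acme Ltd' WHERE id = 42",
    "INSERT INTO orders (customer_id, total) VALUES (42, 19.99)",
]


def build_demo_firewall() -> SqlFirewall:
    fw = SqlFirewall()
    fw.learn(APPLICATION_PROFILE)
    return fw


if __name__ == "__main__":
    fw = build_demo_firewall()
    for stmt in ("select id ,name from customers where id = 7",      # same shape, allowed
                 "SELECT * FROM customers",                          # never learned, rejected
                 "SELECT id, name FROM customers WHERE id = 1; SELECT id, name FROM customers WHERE id = 2"):
        print(fw.inspect(stmt))
```

Because the match is on shape rather than text, the firewall keeps working as literal values change, while an ad hoc query, a different column list, or a batch of statements is rejected before the database sees it; a production profile would be built from captured traffic of a known-good release, and a stricter policy could also reject statements that carry comments instead of stripping them.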

Security Framework

Services:
  Authentication, Authorization, Federation, WSS Policy, Self Service, SSO, Audit, Key Mgmt, Attribute

Security Information:
  Users & Identity, Federated Identities, Groups & Roles, Access Policies, WSS Policies, Audit Logs, Certs & Keys

Administration & Management:
  Identity Management
    • UIs & APIs
    • Approval Workflows
    • Provisioning Workflows
    • System Integration
  Directory Management
    • Synchronization
    • Virtualization
    • Change Detection & Alerts
    • Reconciliation
  Governance
    • Attestation
    • Risk Analysis
    • Reporting
    • Auditing
  Role Management, Key Management, Access Policy Management, Authentication Policy Management


SOA Scenario

[Diagram: a Service Consumer on an App Server (Platform Security, Id, WSS Agent) calls through Mediation (CM, WSS Agent, Platform Security) to a Service Provider on an App Server (WSS Agent, AAA, Id, Platform Security) and to a Legacy Service Provider with its DB. An External Consumer enters through Firewalls and a WSS Gateway in the DMZ. A Policy Manager governs the WSS agents; a shared Security Token Service, AuthN Service, AuthZ Service and Audit Service support all of them.]




Jumping to Cloud

Before You Leap…




(Some of) The Good…

  • Cloud providers have a deep vested interest in security
      • Must prove themselves to the market
      • Often much greater investment and attention to detail than traditional IT
  • Cloud homogeneity makes security auditing/testing simpler
  • Shifting public data to an external cloud reduces the exposure of the internal sensitive data
  • Data held by an unbiased party

http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt


…The Bad…

  • Multi-tenancy; need for isolation management
  • High value target for hackers
  • Fragmentation; creation of more silos
  • Data dispersal and international privacy laws
      • EU Data Protection Directive and U.S. Safe Harbor program
      • Exposure of data to foreign government and data subpoenas
      • Data retention issues

http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt


…& The Ugly

  • Trusting another vendor’s security model
  • Proprietary implementations
  • Audit & compliance
  • Availability: Relying on a vendor to stay in business

http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt


SaaS Patterns

[Diagram: four SaaS provider patterns. Provider A receives only a User Id. Provider B receives a SAML assertion carrying user id & attributes and hosts Authorization and Access Policy Management. Provider C receives SPML provisioning and SAML and hosts Identity Management, Authorization and Access Policy Management. Provider D is reached through an STS using SAML, WS-Trust and WS-Federation and hosts Authentication, Authorization, Identity Management and Access Policy Management. The in-house side shows Authentication, Authorization, Identity Management and Access Policy Management.]


Recommendations

  1. Assess your risks
  2. Classify your information
  3. Define policies and procedures
  4. Maintain most sensitive data in house
  5. Don’t outsource your security management
  6. Follow a security architecture / roadmap
  7. Design patterns for cloud computing
  8. Choose a secure platform




Takeaways (Cloud or not)

Deploy Defense in Depth
  • Good general strategy to protect highly distributed systems (SOA, BPM, Cloud, etc.)
  • Limit your risks

Rationalize & Consolidate
  • Standardized frameworks, services, & technologies
  • Implement processes & policies

Plan Ahead
  • Classification strategy: know your systems & data
  • Cloud strategy: know your options & vendors
  • Risk management: choose wisely & CYA

Visit the ITSO Reference Library at www.oracle.com/goto/itstrategies
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 

Último (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Rationalization and Defense in Depth - Two Steps Closer to the Cloud

1. OTN Architect Day Security Breakout Session. Dave Chappelle, 24 October 2011
2. Rationalization and Defense in Depth - Two Steps Closer to the Clouds
   OTN Architect Day 2011
3. Perimeter Security
   [Diagram: Client (Unprotected Zone) -> Firewall -> Perimeter / DMZ: Web Server (app proxy) -> Firewall -> Protected Zone(s): Application Server, Message Queue, Mainframe Application, each with its DB]
   Outer firewall: all network traffic blocked except for specific ports.
   Inner firewall: all network traffic blocked except from the proxy.
   • Can establish multiple perimeters
   • Each perimeter can be more restrictive
   • Perimeters can be at varying degrees of granularity
   • Alone, often involves a lot of implied trust
   • Modern environments don't have such a clearly defined perimeter
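The two firewall rules on this slide, as an added example that is not part of the original deck: a small Python model of the perimeter above, with assumed host names, zone membership and published ports (80/443). Comparing what the client can reach with what the proxy can reach makes the "implied trust" bullet concrete: once an attacker owns the proxy in the DMZ, the inner firewall passes every flow the proxy originates.

```python
"""Two-firewall perimeter from the slide, modelled as stateless allow-lists.

Added example, not part of the original deck. Zone membership, host names
and the "specific ports" (80/443) are assumptions chosen for illustration.
"""
from dataclasses import dataclass

ZONES = {                               # host -> zone (assumed)
    "client": "unprotected",
    "web-proxy": "dmz",
    "app-server": "protected",
    "msg-queue": "protected",
    "mainframe": "protected",
    "db": "protected",
}
OUTER_ALLOWED_PORTS = {80, 443}         # outer firewall: only these, only to the proxy
INNER_TRUSTED_SOURCES = {"web-proxy"}   # inner firewall: only flows the proxy originates


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


def outer_firewall(flow: Flow) -> bool:
    """Unprotected zone -> DMZ: everything blocked except specific ports to the proxy."""
    return flow.dst == "web-proxy" and flow.port in OUTER_ALLOWED_PORTS


def inner_firewall(flow: Flow) -> bool:
    """DMZ -> protected zone(s): everything blocked except traffic from the proxy."""
    return flow.src in INNER_TRUSTED_SOURCES


def is_permitted(flow: Flow) -> bool:
    """Apply whichever perimeter the flow crosses; deny anything not explicitly modelled."""
    src_zone, dst_zone = ZONES[flow.src], ZONES[flow.dst]
    if src_zone == dst_zone:
        return True                     # no perimeter between peers in one zone
    if (src_zone, dst_zone) == ("unprotected", "dmz"):
        return outer_firewall(flow)
    if (src_zone, dst_zone) == ("dmz", "protected"):
        return inner_firewall(flow)
    return False                        # unprotected -> protected direct, and all egress


def reachable_from(src: str, ports=(22, 80, 443, 1414, 1521, 8080)) -> set:
    """Every (host, port) a given host can open: compare the client with the proxy."""
    return {(dst, p) for dst in ZONES for p in ports
            if dst != src and is_permitted(Flow(src, dst, p))}
```

reachable_from("client") contains only the proxy on 80 and 443, while reachable_from("web-proxy") contains every protected host on every port, because the inner rule keys on the source host rather than on what the proxy legitimately needs (one application port on one server). Tightening that rule is the first step toward the layered model on the following slides.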
4. Defense in Depth
   [Image: Krak des Chevaliers, Syria]
   • Military defensive strategy to secure a position using multiple defense mechanisms.
   • Less emphasis is placed on a single perimeter wall
   • Several barriers and different types of fortifications
   • Objective is to win the battle by attrition. The attacker may overcome some barriers but can't sustain the attack for such a long period of time.
5. Several Layers of Defense
   [Diagram: concentric layers, innermost to outermost: Data; Application; Host; Internal Network; Perimeter; Physical; Policies, Procedures, & Awareness]
   • Each layer introduces additional security measures
   • Each layer can contain multiple levels of control
6. Defense in Depth: Greater Control
   [Diagram: many enforcement points across the layers Data; Application / Service; Host; Internal Network; Perimeter; Physical; Policies & Procedures, governed by a consistent set of policies & procedures]
7. Security Silos
   [Diagram: End User, Security Administrator and Security Auditor each dealing separately with the Finance, Sales and Support applications]
   • Application silos with their own standalone security architecture
   • Integration is hard enough without security
   • End users have many logins & passwords
   • Administration is time-consuming and error-prone
   • Auditing is inaccurate and/or impossible
8. Security Framework
   [Diagram: End User, Security Administrator and Security Auditor interact with one Security Framework shared by the Finance, Sales and Support applications]
   • Security is part of the foundation, not an inconvenient afterthought
   • Users have one identity and a set of roles & attributes that govern access
   • Administration is operator-centric, not system-centric
   • Auditing is possible and realistic
9. Security Framework High Level Architecture
   [Diagram labels: Development & Administration; Business Logic; Information Design & Administration; Information Processing; Information Management; Security Interfaces; Enterprise Security Framework comprising Security Services / Shared Security Services, Enterprise Security Information, and Security Management & Administration]
   Information Processing:
   • Provides a secure run-time environment
   • Offers security services to business logic
   • Allows solution-level security administration
   Information Management:
   • Provides confidentiality, integrity, and availability for information management
   • Allows db-level security administration
   Security Framework:
   • Provides shared security services
   • Manages security data for the enterprise
   • Allows enterprise-level security administration
   Security Interfaces:
   • Provide consistent access to security services
   • Embrace open, common industry standards
10. Container-Based Computing Platform
   [Diagram: Inbound Requests -> Container holding the Protected Resources (Web Pages, Business Logic, Client) -> Standard Security APIs & Libraries -> Platform Security Plug-in Framework -> Security Providers -> Security Services: Authentication, Authorization, Credential Mapping, Role Mapping, Auditing, Encryption, …]
   • Container enforces security on behalf of the protected resources
   • Access to security services via standard APIs & libraries
   • Plug-in framework allows one to configure multiple providers for each security service
   • Providers may be selected and configured based on the needs of the solution
   • Providers can be included with the platform or custom written for a specific purpose
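Added example, not code from the deck or from any Oracle product: a Python sketch of the container as the single enforcement point, with the plug-in framework modelled as provider objects the container is configured with. The provider classes, the in-memory user and token stores, the group-to-role map and the policy are illustrative assumptions; "first successful authentication provider wins" is one possible chaining policy, and real plug-in frameworks expose richer control flags. The business logic passed to invoke() never sees a credential and runs only after every provider has agreed.

```python
"""Container-enforced security with pluggable providers.
Added example; not code from the deck or any Oracle product. Provider
classes, in-memory stores, sample users, tokens and policy are assumptions.
"""
import hashlib, hmac, os
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Principal:
    name: str
    groups: frozenset

# --- security providers: each implements one service behind a fixed method ---
class PasswordProvider:
    """Authentication via salted PBKDF2 hashes in an in-memory store."""
    def __init__(self, users: dict):
        self.users = users                     # name -> (salt, digest, groups)

    @staticmethod
    def derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def authenticate(self, credentials: dict) -> Optional[Principal]:
        entry = self.users.get(credentials.get("user"))
        if entry is None or "password" not in credentials:
            return None
        salt, digest, groups = entry
        if hmac.compare_digest(self.derive(credentials["password"], salt), digest):
            return Principal(credentials["user"], groups)
        return None

class ApiTokenProvider:
    """Authentication via opaque bearer tokens mapped to service principals."""
    def __init__(self, tokens: dict):
        self.tokens = tokens

    def authenticate(self, credentials: dict) -> Optional[Principal]:
        return self.tokens.get(credentials.get("token"))

class GroupRoleMapper:
    """Role mapping: groups asserted at login -> application roles."""
    def __init__(self, group_to_roles: dict):
        self.map = group_to_roles

    def roles_for(self, principal: Principal) -> frozenset:
        return frozenset(r for g in principal.groups for r in self.map.get(g, ()))

class PolicyAuthorizer:
    """Authorization: (resource, action) -> roles permitted."""
    def __init__(self, policy: dict):
        self.policy = policy

    def is_permitted(self, roles: frozenset, resource: str, action: str) -> bool:
        return bool(roles & self.policy.get((resource, action), set()))

class MemoryAudit:
    """Auditing: append-only event list (a real provider ships these off-host)."""
    def __init__(self):
        self.events: list = []

    def record(self, event: dict) -> None:
        self.events.append(event)

# --- the container: one enforcement point in front of every protected resource ---
class Container:
    def __init__(self, authn: list, roles, authz, audit):
        self.authn, self.roles, self.authz, self.audit = authn, roles, authz, audit

    def invoke(self, credentials: dict, resource: str, action: str,
               business_logic: Callable[[Principal], object]):
        principal = None
        for provider in self.authn:            # configured order; first success wins
            principal = provider.authenticate(credentials)
            if principal is not None:
                break
        if principal is None:
            self.audit.record({"resource": resource, "action": action,
                               "outcome": "authn-failed"})
            raise PermissionError("authentication failed")
        roles = self.roles.roles_for(principal)
        allowed = self.authz.is_permitted(roles, resource, action)
        self.audit.record({"principal": principal.name, "resource": resource,
                           "action": action, "outcome": "allowed" if allowed else "denied"})
        if not allowed:
            raise PermissionError(f"{principal.name} may not {action} {resource}")
        return business_logic(principal)       # the resource never sees a raw credential

def build_demo_container(audit: MemoryAudit) -> Container:
    """Wire providers the way deployment configuration would; all values constructed."""
    salt = os.urandom(16)
    users = {"alice": (salt, PasswordProvider.derive("correct horse", salt),
                       frozenset({"finance-staff"}))}
    tokens = {"tok-batch-001": Principal("batch-job", frozenset({"batch"}))}
    return Container(
        authn=[PasswordProvider(users), ApiTokenProvider(tokens)],
        roles=GroupRoleMapper({"finance-staff": {"ledger-reader"},
                               "batch": {"ledger-reader", "ledger-writer"}}),
        authz=PolicyAuthorizer({("ledger", "read"): {"ledger-reader"},
                                ("ledger", "post"): {"ledger-writer"}}),
        audit=audit)
```

Swapping PasswordProvider for a directory-backed one, or adding a second authorization policy source, changes only build_demo_container(); the ledger business logic and the Container are untouched, which is the point of putting the plug-in seam behind standard APIs.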
11. Database Platform Security
   Information: Transactional; Historical; Unstructured
   Design & Administration:
   • Administrative Access Control: SoD Rules & Controls; Realms
   • Audit: Security Information Management; Auditing
   Security Services:
   • Access Control: Multi-Factor AuthN; Label Security; Table Policies; Connection Id
   • Encryption & Masking: Network; Persistence; Backup; Dev & Test Masking
   • Auditing & Availability: Central collection & control; Local online archive
   • Firewall: SQL inspection & rejection
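The "SQL inspection & rejection" firewall and the "Dev & Test Masking" items above, as an added example that is not taken from the deck or from any product: a Python statement-shape allow-list keyed by connection identity, plus a keyed pseudonymisation helper for test copies. The fingerprinting rules, the sample statements and the masking scheme are assumptions; the idea being shown is that an injected tautology or a stacked statement changes the shape of the query even though every literal has been stripped, so a baseline learned from the application's own traffic rejects it.

```python
"""Database firewall: SQL inspection & rejection plus dev/test masking.

Added example, not from the deck or any product. The fingerprinting rules,
the allow-list keyed by connection identity, the sample statements and the
masking scheme are assumptions for illustration.
"""
import hashlib
import hmac
import re

# One pass over the statement: string literals, comments and numbers are matched
# in this order, so a "--" inside a quoted string is never treated as a comment.
_TOKEN = re.compile(r"""
      '(?:[^']|'')*'            # single-quoted literal, '' escapes a quote
    | --[^\n]*                  # line comment
    | /\*.*?\*/                 # block comment
    | \b\d+(?:\.\d+)?\b         # numeric literal
""", re.VERBOSE | re.DOTALL)
_OPERATORS = re.compile(r"\s*([=<>!,();+\-*/])\s*")
_IN_LIST = re.compile(r"\( \?(?: , \?)* \)")


def fingerprint(statement: str) -> str:
    """Reduce a statement to its shape: keywords, identifiers, operators, placeholders."""
    s = _TOKEN.sub(lambda m: " " if m.group(0)[:2] in ("--", "/*") else "?", statement)
    s = _OPERATORS.sub(r" \1 ", s.lower())
    s = " ".join(s.split())
    return _IN_LIST.sub("( ? )", s)           # IN (1,2,3) and IN (1) get the same shape


class SqlFirewall:
    """Allow-list of statement shapes per connection identity; deny by default."""
    def __init__(self):
        self.allowed: dict = {}               # identity -> set of fingerprints
        self.rejected: list = []              # (identity, fingerprint) audit trail

    def learn(self, identity: str, statement: str) -> None:
        """Record a statement observed during a trusted baseline run."""
        self.allowed.setdefault(identity, set()).add(fingerprint(statement))

    def check(self, identity: str, statement: str) -> bool:
        fp = fingerprint(statement)
        ok = fp in self.allowed.get(identity, set())
        if not ok:
            self.rejected.append((identity, fp))
        return ok


def mask_value(value: str, key: bytes, keep: int = 0) -> str:
    """Deterministic pseudonym for dev/test copies: joins still work, no recovery without the key."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]
    return value[:keep] + tag
```

The allow-list is per connection identity ("Connection Id" on the slide): a statement that is normal for the application service account is still rejected when it arrives over the batch account's connection. A production deployment learns the baseline in monitoring mode first, and the rejected list is what the "Central collection & control" audit feed would carry.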
12. Security Framework
   Services: Authentication; Authorization; Federation; WSS Policy; Self Service; SSO; Key Mgmt; Audit; Attribute
   Security Information: Users & Groups; Identities & Roles; Federated Identity; Access Policies; WSS Policies; Audit Logs; Certs & Keys
   Administration & Management: Role Management; Key Management; Access Policy Management; Identity Management; Directory Management; Governance; Authentication Policy Management
   • UIs & APIs
   • Synchronization
   • Attestation
   • Approval Workflows
   • Virtualization
   • Risk Analysis
   • Provisioning Workflows
   • Change Detection & Alerts
   • Reporting
   • System Integration
   • Reconciliation
   • Auditing
13. SOA Scenario
   [Diagram: a Service Consumer (App Server, WSS Agent, Platform Security) calls through a Mediation layer (WSS Agent; Id, CM, AAA) to a Service Provider (App Server, WSS Agent, Platform Security), which reaches a Legacy DB Service Provider; a Policy Manager feeds the WSS Agents; an External Consumer enters through the Firewalls / DMZ via a WSS Gateway; shared security services: AuthN Service, AuthZ Service, Audit Service, Token Service]
14. Jumping to Cloud
   Before You Leap…
15. (Some of) The Good…
   • Cloud providers have a deep vested interest in security
     • Must prove themselves to the market
     • Often much greater investment and attention to detail than traditional IT
   • Cloud homogeneity makes security auditing/testing simpler
   • Shifting public data to an external cloud reduces the exposure of the internal sensitive data
   • Data held by an unbiased party
   Source: http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt
16. …The Bad…
   • Multi-tenancy; need for isolation management
   • High value target for hackers
   • Fragmentation; creation of more silos
   • Data dispersal and international privacy laws
     • EU Data Protection Directive and U.S. Safe Harbor program
     • Exposure of data to foreign government and data subpoenas
     • Data retention issues
   Source: http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt
17. …& The Ugly
   • Trusting another vendor's security model
   • Proprietary implementations
   • Audit & compliance
   • Availability: Relying on a vendor to stay in business
   Source: http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt
18. SaaS Patterns
   [Diagram: four SaaS providers (A, B, C, D) with different splits of Authentication, Authorization, Access Policy Management and Identity Management between the enterprise and the provider; exchanges shown: SAML assertions from the enterprise Identity Management, user id & attributes provisioned via SPML, a bare user id, and a Security Token Service (STS) issuing tokens over SAML, WS-Trust and WS-Federation]
19. Recommendations
   1. Assess your risks
   2. Classify your information
   3. Define policies and procedures
   4. Maintain most sensitive data in house
   5. Don't outsource your security management
   6. Follow a security architecture / roadmap
   7. Design patterns for cloud computing
   8. Choose a secure platform
20. Takeaways (Cloud or not)
   Deploy Defense in Depth
   • Good general strategy to protect highly distributed systems (SOA, BPM, Cloud, etc.)
   • Limit your risks
   Rationalize & Consolidate
   • Standardized frameworks, services, & technologies
   • Implement processes & policies
   Plan Ahead
   • Classification strategy: know your systems & data
   • Cloud strategy: know your options & vendors
   • Risk management: choose wisely & CYA
   Visit the ITSO Reference Library at www.oracle.com/goto/itstrategies