ISACA Perth: 2011 Annual Conference

Trends in Virtual Security
(Balance Virtual Risk with Reward)
Kim Wisniewski – Senior Consultant, Empired Ltd.
The Abstract
» Virtualisation has come a long way in the past ten years. We are looking
  beyond the pure consolidation benefits of server virtualisation, into a
  future of cloud computing and infrastructure-as-a-service. No longer can
  we see the data-centre that our virtual machines are running in, the safety
  cord is broken. This opens the door to a plethora of new security
  considerations that security professionals need to be aware of to remain
  competitive.
» This presentation looks at the current state of virtualisation asking the
  following questions: What should IT professionals consider when selling,
  designing or auditing a virtual infrastructure? Are there any security
  benefits with virtualisation? How can we safely deploy our virtual
  machines in the cloud? Can PCI compliance be reached in a virtual
  world? Is it even safe to virtualise my DMZ?
» The presentation will look at these objectives within the context of the
  common virtualisation platforms on the market today, concluding with a
  look into the future at emerging technologies and virtualisation standards
  that may help those in pursuit of the ultimate secure virtual world.
Boundaryless IT
» Boundaryless Information™ (III-RM)
  » Integrated Information Infrastructure Reference
    Model
  » Ref: TOGAF 9
The Next Step: Boundaryless Technology Infrastructure
(diagram, layers from top to bottom)
» Cloud
» Meta-Virtualise
» Infrastructure Mesh
» Stack Convergence
» Virtual Infrastructure
» Legacy (old school) siloed infrastructure
What does Uncle Sam Say?

» Hypervisors have bugs and vulnerabilities too

» Physical isolation/separation principles are gone

» Scoping the Infra. Mesh Audit will be tricky…
In my opinion…

» The Management Constructs associated with virtualisation / cloud platforms… the biggest risks
  » Your mgmt. tools and users
  » …& how much is exposed to them…
Some Top Virtual Risks
»   Prebuilt VMs/appliances containing malicious code
»   Improperly configured hypervisor
»   Improperly configured virtual firewalls or networking
»   Data leakage through templates/clones
»   Administrative or operational error
»   Mixing security domains without controls
»   Lax hypervisor patching
»   Lack of understanding of security principles across
    the entire stack

A lack of process & architecture in the beginning?
Virtual Architecture 101
» It all starts with good PARENTING
  » Physical Security
  » Storage Security
  » Network Security
  » Converged Security (e.g., blades)
  » Hypervisor security
  » Guests security
  » Hypervisor relationship to its guests
  » Aggregates – clusters, pools, groups, etc.
  » Management Centres

Principles: Isolation, Separation
Virtual Architecture 102

» Management Layer Security
  » Virtual Centres, SCVMMs, Remote Consoles

» Admin Model
  » Management, Controls, Process
  » Audit (self audit, independent audit, the more the merrier…)

Principles: Role Based, Auditability, Change Logging, treat the Hypervisor as your engine room…
» “I cannot see any security or legal
  benefits whatsoever related to cloud
  computing…” (A. Lawyer)
» Some NEW possibilities

  » Introspection APIs
  » Deep collection & visibility
  » Antivirus offload (agentless-AV)
  » Meta-Virtual compliance
  » Reporting / compliance tracking
  » Compliance Toolkits
» Only SOME and SPECIFIC platforms
  evaluated to EAL 4+ Common Criteria,
  NIST, DISA STIG, US DoD, NSA CSS
  etc…
Principles:

Build a solid foundation;

Use the vendor’s hardening guides;
& ISACA materials (auditors too)

Trust your own before anybody else's
Virtual Architecture 103

 Virtualisation: a journey from your data-centre
 to some cloudy ones, some mixing it up in the
 middle (hybrid)

» Cloud (IaaS) Security
  » Do you trust the providers?
  » Do you trust what you’re putting out there?


 Principles: Architectural Transparency;
 Understand the journey of your VMs
Meta-Virtualisation


Meta = describes; is made up of; constituent parts…

Meta-Virtualise – Describe the containers,
relationships, requirements and boundaries between
VMs

•   security requirements, compliance goals
•   minimum performance levels, SLAs
•   their relationship to the environment (the VI)
The Virtual Machine (Amoeba)

» VM 1.0
  » Independent; basic environmental awareness
  » “enough to survive”
Enhanced VMs

» VM 2.0
  » Increased controls
  » Improved environmental awareness
  » Still operating independently
VMs in a Petri Dish

» VM 3.0
  » Collaborating groups
  » Expanded META boundary
  » e.g., VMware vAPP
Meta Groups (diagram): DMZ; Intranet; Research
Tenant Meta (diagram): DMZ; Intranet; Research
Multi Tenant Meta (diagram): ACME Corp. Infrastructure Cloud; Coca-Cola; Pepsi
Meta-Virtualisation
» Meta defines the principles where VMs
  operate
» Meta follows where things move
» Enforcing Meta across the converged stack,
  mesh, and into clouds is a challenge


  Think “Admission Control” – in your DC
  or a Cloud Provider
Vendor Reference Architecture

» Secure Multi Tenancy
Virtualising Your DMZ

» Philosophical Debate

» Can & should you host your DMZ VMs on
  the same host/partition/environment as
  your other VMs?

Vendor Reference Architectures aplenty; but
what does the security community say?
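The "Meta" idea from the Meta-Virtualisation slides (a VM carries its own description of tenant, security domain and required controls, and that description follows it when it moves) and the DMZ question above are illustrated by this added example; it is not code from the slides or from any vendor platform. The host attribute names, tenants, domains and hosts are all constructed for illustration, and the rule that DMZ VMs may only mix with other domains on a specially accredited host is an assumption standing in for whatever accreditation an organisation actually relies on.

```python
from dataclasses import dataclass, field

# Constructed host attributes: controls a host (or cluster) can vouch for.
ACCREDITED_MIXED = "accredited_mixed_domain"  # may host DMZ beside other domains
SECURE_MULTI_TENANT = "secure_multi_tenancy"  # may host more than one tenant


@dataclass(frozen=True)
class Meta:
    """The Meta description that travels with a VM (constructed model)."""
    tenant: str
    domain: str                        # e.g. "DMZ", "Intranet", "Research"
    requires: frozenset = frozenset()  # required controls, e.g. {"pci_dss"}


@dataclass
class Host:
    name: str
    attributes: frozenset                    # controls this host provides
    vms: dict = field(default_factory=dict)  # vm name -> Meta

    def domains(self):
        return {m.domain for m in self.vms.values()}

    def tenants(self):
        return {m.tenant for m in self.vms.values()}


class AdmissionError(Exception):
    pass


def check_admission(host, vm_name, meta):
    """Return the violations that placing `meta` on `host` would cause.

    Empty list = admitted. Rules: (1) the host provides every control the
    VM requires; (2) DMZ VMs share a host with other domains only if the
    host is accredited for mixed domains; (3) different tenants share a
    host only if it offers secure multi-tenancy.
    """
    violations = []
    missing = meta.requires - host.attributes
    if missing:
        violations.append(
            f"{vm_name}: {host.name} lacks required controls {sorted(missing)}")
    other_domains = host.domains() - {meta.domain}
    mixes_dmz = meta.domain == "DMZ" or "DMZ" in other_domains
    if other_domains and mixes_dmz and ACCREDITED_MIXED not in host.attributes:
        violations.append(
            f"{vm_name}: {meta.domain} would share {host.name} with "
            f"{sorted(other_domains)}; host not accredited for mixed domains")
    other_tenants = host.tenants() - {meta.tenant}
    if other_tenants and SECURE_MULTI_TENANT not in host.attributes:
        violations.append(
            f"{vm_name}: tenant {meta.tenant} would share {host.name} with "
            f"{sorted(other_tenants)}; host lacks secure multi-tenancy")
    return violations


def admit(host, vm_name, meta):
    """Place the VM, or raise AdmissionError listing every violation."""
    violations = check_admission(host, vm_name, meta)
    if violations:
        raise AdmissionError("; ".join(violations))
    host.vms[vm_name] = meta


def migrate(src, dst, vm_name):
    """Move a VM: the Meta follows it, so the destination is checked first."""
    admit(dst, vm_name, src.vms[vm_name])
    del src.vms[vm_name]


def demo():
    """Constructed scenario: a plain host, an accredited host, two tenants."""
    plain = Host("esx-01", frozenset({"pci_dss"}))
    accredited = Host("esx-02",
                      frozenset({"pci_dss", ACCREDITED_MIXED, SECURE_MULTI_TENANT}))
    results = {}
    admit(plain, "acme-web", Meta("ACME", "DMZ"))
    # Intranet beside DMZ on a non-accredited host: refused.
    results["mix_on_plain"] = check_admission(plain, "acme-crm", Meta("ACME", "Intranet"))
    # Same placement on the accredited host: admitted.
    results["mix_on_accredited"] = check_admission(
        accredited, "acme-crm", Meta("ACME", "Intranet"))
    # A second tenant on the plain host: refused.
    results["tenant_on_plain"] = check_admission(plain, "pepsi-web", Meta("Pepsi", "DMZ"))
    # A workload requiring a control neither host can attest to: refused.
    results["missing_control"] = check_admission(
        accredited, "acme-pay", Meta("ACME", "Intranet", frozenset({"pci_dss", "fips_140"})))
    # Migration re-applies the Meta at the destination before the move.
    migrate(plain, accredited, "acme-web")
    results["after_migrate"] = (sorted(plain.vms), sorted(accredited.vms))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same check runs at initial placement and again on migration, which is the point of "Meta follows where things move": a placement that was compliant in your data centre is re-evaluated against whatever a cloud provider's host can actually attest to.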
Virtualising Your DMZ

“Last week VMware achieved the status of
being the ONLY hypervisor (vSphere 4.0)
accredited to run Impact Level 3/Restricted
VMs and Unclassified/Internet facing virtual
machines on the same host/cluster.”


» http://www.cesg.gov.uk/news/docs_pdfs/cesg-vmware_joint-statement14-09-11.pdf
Virtualising PCI-DSS

» PCI DSS v2.0 – Virtualisation Special
  Interest Group (SIG) … formed late 2008

» PCI DSS Virtualisation Guidelines released
  June 2011
Microsoft Virtualisation

»   Hyper-V “Open Source Promise”
»   Hyper-V … Cisco 1000V
»   Hyper-V Trusted Computing Base (TCB)
»   Hyper-V Security Best Practices Podcast

» HyperV <> Azure Convergence (IaaS)
Emerging Technologies

» Cloud Connectivity & Portability
  »   VMware’s vCloud Connector
  »   vCloud Service Providers
  »   Long Distance VMotion / VXLAN / OTV
  »   Microsoft SCVMM 2012
  »   OpenStack
  »   Meta-virtualisation: support for & building upon
Emerging Technologies

» IaaS Cloud Encryption
  » Virtual machines in transit
  » Virtual machines runtime
  » Customer holds the keys


» TXT/TPM Integrations
  » Trusted execution technology
  » Trusted platform module
  » Hypervisor & cloud stack talking the TXT lingo…
Emerging Trends

Standards Based Clouds

» Demonstrating compliance across the
  provider’s Infrastructure Mesh
  » e.g., FISMA Certified Clouds


» Open Portability between cloud types
  » e.g., Azure <> vCloud <> OpenStack ???
Case Study: Los Alamos National Laboratory (www.lanl.gov)

» Security research institution responsible for
  American nuclear deterrence

» Achieved
   » NIST Certification and Accreditation
   » Authority to operate as FISMA moderate with
     VMware vCloud


» Secure Multi-Tenancy (META-Virtual)
» Reference Architecture forthcoming…?
What does Uncle Sam Say?
Questions
kim.wisniewski@empired.com
www.empired.com

Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 

Recently uploaded (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 

ISACA Perth Virtual Security Trends

  • 1. ISACA Perth: 2011 Annual Conference Trends in Virtual Security (Balance Virtual Risk with Reward) Kim Wisniewski – Senior Consultant, Empired Ltd.
  • 2. The Abstract » Virtualisation has come a long way in the past ten years. We are looking beyond the pure consolidation benefits of server virtualisation, into a future of cloud computing and infrastructure-as-a-service. No longer can we see the data-centre that our virtual machines are running in; the safety cord is broken. This opens the door to a plethora of new security considerations that security professionals need to be aware of to remain competitive. » This presentation looks at the current state of virtualisation, asking the following questions: What should IT professionals consider when selling, designing or auditing a virtual infrastructure? Are there any security benefits with virtualisation? How can we safely deploy our virtual machines in the cloud? Can PCI compliance be reached in a virtual world? Is it even safe to virtualise my DMZ? » The presentation will look at these objectives within the context of the common virtualisation platforms on the market today, concluding with a look into the future at emerging technologies and virtualisation standards that may help those in pursuit of the ultimate secure virtual world.
  • 4. Boundaryless IT » Boundaryless Information™ (III-RM) » Integrated Information Infrastructure Reference Model » Ref: TOGAF 9
  • 5. The Next Step: Boundaryless Technology Infrastructure (diagram, top to bottom): Cloud; Meta-Virtualise; Infrastructure Mesh; Stack Convergence; Virtual Infrastructure; Legacy (old school) siloed infrastructure
  • 7. What does Uncle Sam Say? » Hypervisors have bugs and vulnerabilities too » Physical isolation/separation principles are gone » Scoping the Infra. Mesh Audit will be tricky…
  • 8. In my opinion… » The Management Constructs associated with virtualisation / cloud platforms… the biggest risks » Your mgmt. tools and users » …& how much is exposed to them…
  • 9. Some Top Virtual Risks » Prebuilt VMs/appliances containing malicious code » Improperly configured hypervisor » Improperly configured virtual firewalls or networking » Data leakage through templates/clones » Administrative or operational error » Mixing security domains without controls » Lax hypervisor patching » Lack of understanding of security principles across the entire stack A lack of process & architecture in the beginning?
  • 10. Virtual Architecture 101 » It all starts with good PARENTING » Physical Security » Storage Security » Network Security » Converged Security (e.g., blades) » Hypervisor security » Guest security » Hypervisor relationship to its guests » Aggregates – clusters, pools, groups, etc. » Management Centres Principles: Isolation, Separation
  • 11. Virtual Architecture 102 » Management Layer Security » Virtual Centres, SCVMMs, Remote Consoles » Admin Model » Management, Controls, Process » Audit (self audit, independent audit, the more the merrier…) Principles: Role Based, Auditability, Change Logging, treat the Hypervisor as your engine room…
  • 13. » “I cannot see any security or legal benefits whatsoever related to cloud computing…” (A. Lawyer)
  • 14. » Some NEW possibilities » Introspection APIs » Deep collection & visibility » Antivirus offload (agentless-AV) » Meta-Virtual compliance » Reporting / compliance tracking » Compliance Toolkits
  • 15. » Only SOME and SPECIFIC platforms evaluated to EAL 4+ Common Criteria, NIST, DISA STIG, US DoD, NSA CSS etc…
  • 16. Principles: Build a solid foundation; Use the vendor’s hardening guides; & ISACA materials (auditors too) Trust your own before anybody else's
  • 18. Virtual Architecture 103 Virtualisation: a journey from your data-centre to some cloudy ones, some mixing it up in the middle (hybrid) » Cloud (IaaS) Security » Do you trust the providers? » Do you trust what you’re putting out there? Principles: Architectural Transparency; Understand the journey of your VMs
  • 19. Meta-Virtualisation Meta = describes; is made up of; constituent parts… Meta-Virtualise – Describe the containers, relationships, requirements and boundaries between VMs • security requirements, compliance goals • minimum performance levels, SLAs • their relationship to the environment (the VI)
  • 20. The Virtual Machine (Amoeba) VM 1.0 Independent; Basic environmental awareness “enough to survive”
  • 21. Enhanced VMs VM 2.0 Increased controls Improved environmental awareness Still operating independently
  • 22. VMs in a Petri Dish VM 3.0 Collaborating Groups Expanded META boundary e.g., VMware vAPP
  • 23. Meta Groups (diagram): Intranet; DMZ; Research
  • 24. Tenant Meta (diagram): DMZ; Intranet; Research
  • 25. Multi-Tenant Meta (diagram): Coca-Cola, Pepsi and ACME Corp. as tenants on a shared Infrastructure Cloud
  • 26. Meta-Virtualisation » Meta defines the principles where VMs operate » Meta follows where things move » Enforcing Meta across the converged stack, mesh, and into clouds is a challenge Think “Admission Control” – in your DC or a Cloud Provider
  • 27. Vendor Reference Architecture » Secure Multi Tenancy
  • 29. Virtualising Your DMZ » Philosophical Debate » Can & should you host your DMZ VMs on the same host/partition/environment as your other VMs? Vendor Reference Architectures aplenty; but what does the security community say?
  • 30. Virtualising Your DMZ “Last week VMware achieved the status of being the ONLY hypervisor (vSphere 4.0) accredited to run Impact Level 3/Restricted VMs and Unclassified/Internet facing virtual machines on the same host/cluster.” » http://www.cesg.gov.uk/news/docs_pdfs/cesg-vmware_joint-statement14-09-11.pdf
  • 31. Virtualising PCI-DSS » PCI DSS v2.0 – Virtualisation Special Interest Group (SIG) … formed late 2008 » PCI DSS Virtualisation Guidelines released June 2011
  • 33. Microsoft Virtualisation » Hyper-V “Open Source Promise” » Hyper-V … Cisco 1000V » Hyper-V Trusted Computing Base (TCB) » Hyper-V Security Best Practices Podcast HyperV <> Azure Convergence (IaaS)
  • 34. Emerging Technologies » Cloud Connectivity & Portability » VMware’s vCloud Connector » vCloud Service Providers » Long Distance VMotion / VXLAN / OTV » Microsoft SCVMM 2012 » OpenStack » Meta-virtualisation: support for & building upon
  • 35. Emerging Technologies » IaaS Cloud Encryption » Virtual machines in transit » Virtual machines runtime » Customer holds the keys » TXT/TPM Integrations » Trusted execution technology » Trusted platform module » Hypervisor & cloud stack talking the TXT lingo…
  • 36. Emerging Trends Standards Based Clouds » Demonstrating compliance across the provider’s Infrastructure Mesh » e.g., FISMA Certified Clouds » Open Portability between cloud types » e.g., Azure <> vCloud <> OpenStack ???
  • 37. Case Study: Los Alamos National Laboratory www.lanl.gov » Security research institution responsible for American nuclear deterrence » Achieved » NIST Certification and Accreditation » Authority to operate as FISMA moderate with VMware vCloud » Secure Multi-Tenancy (META-Virtual) » Reference Architecture forthcoming…?
  • 38.
  • 39. What does Uncle Sam Say?
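The "admission control" idea behind meta-virtualisation (slides 19 to 26), together with the top virtual risks on slide 9 (mixing security domains without controls, lax hypervisor patching) and the TXT/TPM attestation point on slide 35, can be made concrete as a small policy check. The Python below is an added illustration, not code from the deck or from any vendor platform; the VM meta fields, target attributes, the patch baseline and the sample VMs and targets are all constructed assumptions for this example.

```python
from __future__ import annotations
from dataclasses import dataclass, field

MIN_PATCH_LEVEL = 7  # constructed hypervisor patch baseline for this example

@dataclass(frozen=True)
class VMMeta:
    """The meta that travels with a VM: owner, security domain, compliance goals."""
    name: str
    tenant: str
    domain: str                                   # "DMZ", "Intranet", "Research"
    compliance: frozenset[str] = frozenset()      # e.g. {"PCI-DSS"}
    requires_attested_host: bool = False          # needs a TXT/TPM measured launch

@dataclass
class Target:
    """A placement target: a host/cluster in your DC or a cloud provider."""
    name: str
    hypervisor_patch_level: int
    attested: bool                                # measured launch reported via TPM/TXT
    domain_separation: bool                       # enforced controls between domains
    tenant_isolation: bool                        # enforced controls between tenants
    accredited_for: frozenset[str] = frozenset()  # compliance scopes it is assessed for
    resident: list[VMMeta] = field(default_factory=list)

def admission_check(vm: VMMeta, target: Target) -> list[str]:
    """List every reason the target cannot honour the VM's meta; empty means admit."""
    reasons: list[str] = []
    if target.hypervisor_patch_level < MIN_PATCH_LEVEL:
        reasons.append(f"{target.name}: hypervisor below patch baseline")
    if vm.requires_attested_host and not target.attested:
        reasons.append(f"{target.name}: no TPM/TXT attestation available")
    missing = vm.compliance - target.accredited_for
    if missing:
        reasons.append(f"{target.name}: not accredited for {sorted(missing)}")
    # Domain mixing and tenant co-location are judged against what is already resident.
    for other in target.resident:
        if other.domain != vm.domain and not target.domain_separation:
            reasons.append(f"{target.name}: would mix {vm.domain} with "
                           f"{other.domain} ({other.name}) without controls")
            break
    for other in target.resident:
        if other.tenant != vm.tenant and not target.tenant_isolation:
            reasons.append(f"{target.name}: would co-locate tenant {vm.tenant} "
                           f"with {other.tenant} without isolation")
            break
    return reasons

def admit(vm: VMMeta, target: Target) -> list[str]:
    """Place the VM only when the check passes; otherwise return the reasons."""
    reasons = admission_check(vm, target)
    if not reasons:
        target.resident.append(vm)
    return reasons

def migrate(vm: VMMeta, src: Target, dst: Target) -> list[str]:
    """'Meta follows where things move': the destination faces the same check."""
    reasons = admission_check(vm, dst)
    if not reasons:
        src.resident.remove(vm)
        dst.resident.append(vm)
    return reasons

def build_scenario() -> tuple[Target, Target, VMMeta]:
    """Constructed sample: a controlled in-house cluster, a weaker cloud target,
    and a PCI-scoped DMZ VM that has not been placed yet."""
    cluster = Target("cluster-a", 9, attested=True, domain_separation=True,
                     tenant_isolation=True, accredited_for=frozenset({"PCI-DSS"}))
    cloud = Target("cloud-b", 5, attested=False, domain_separation=False,
                   tenant_isolation=True)
    admit(VMMeta("hr-db-01", "ACME", "Intranet"), cluster)
    admit(VMMeta("lab-sim-01", "Pepsi", "Research"), cluster)
    return cluster, cloud, VMMeta("pci-web-01", "ACME", "DMZ", frozenset({"PCI-DSS"}), True)
```

Running `migrate(pci_web, cluster, cloud)` on the scenario refuses the move for three separate reasons (patch level, missing attestation, no PCI accreditation), while the plain intranet VM is refused on patch level alone, which is the point of carrying per-VM meta rather than one blanket rule.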