SlideShare una empresa de Scribd logo

Cloud Security Perspectives Explained

Descargar como PPTX, PDF
N
Neha Dhawan

Cloud security is a top concern for customers. Providers must demonstrate sound security practices to protect customer and provider data and mitigate risks. While security requirements are not different in cloud computing, worries can grow due to anonymous interactions and low pricing. Key customer concerns include loss of governance, compliance risks, isolation failures, securing data handling, managing interfaces, and the risk of malicious insiders. Providers must implement measures like isolation mechanisms, access controls, encryption, auditing, and policies to address these concerns.

EducaciónTecnologíaEmpresariales
1 de 12
Cloud Security Perspectives Dan Carlsen Certified Security IT Specialist – IBM dcarlsen@us.ibm.com © 2011 IBM Corporation
Perspectives Security is one of the top customer concerns about Cloud Computing What does this mean? Cloud customers need assurance that providers are following sound security practices in mitigating the risks facing both the customer and the provider. The security requirements in cloud computing are not different from other distributed environments operated in a service provider model. However, through the low price points offered in a cloud and an often more anonymous consumer-provider- interaction, worries can grow. .  IBM Corporation 2 © 2011 IBM Corporation
Security in the Cloud A recent Appirio survey of 150+ mid to According to IBM's Institute for large-sized firms that have already Business Value 2010 Global IT Risk adopted cloud applications: Study, cloud computing raised serious concerns among respondents Very Important about the use, access and control of Important Somewhat Important data Of Little Importance Unimportant Ensuring security & compliance Cloud M akes pr ot ect ing Single Biggest Misconception about the Cloud pr ivacy more difficult 77% % of Respondents Security is an issue with the cloud 28% Concerned about a 50% dat a breach or loss Cloud solutions are difficult to integrate 15% Cloud solutions have a higher chance of lock-in 13% Cloud solutions are difficult to customize 12% concer ned about a weakening of t he cor por at e net wor k 23% Cloud solutions are not reliable 10% Cloud vendors are not yet viable 8% None 7% The cloud model is not proven 6% 3 © 2011 IBM Corporation
Customer Concerns with Cloud Computing *  LOSS OF GOVERNANCE: Customer relinquishes some control over the infrastructure. TRUST in the provider is paramount. Providers experience with outsourcing provides evidence of trust.  COMPLIANCE RISKS: The providers operational characteristics directly affect the ability for a customer to achieve compliance with appropriate regulations and industry standards.  ISOLATION FAILURE: multi-tenancy and shared resources are defining characteristics of cloud computing. This risk category covers the failure of mechanisms separating storage, memory, routing and even reputation between different tenants (e.g., so-called guest-hopping attacks). However it should be considered that attacks on resource isolation mechanisms (e.g.,. against hypervisors) are still less numerous and much more difficult for an attacker to put in practice compared to attacks on traditional Operating Systems  DATA HANDLING - DATA PROTECTION: The customer relinquishes control over their data to the provider. The provider must give demonstrable assurances to the customer that their data is maintained securely from other tenants of the cloud. These assurances are part of the basis for trust in the provider - INSECURE or INCOMPLETE DATA DELETION: Does the provider ensure that data is deleted in a manner that does not allow leakage upon re-allocation.  MANAGEMENT INTERFACE COMPROMISE: customer management interfaces of a public cloud provider are accessible through the Internet and mediate access to larger sets of resources (than traditional hosting providers) and therefore pose an increased risk, especially when combined with remote access and web browser vulnerabilities  MALICIOUS INSIDER: Cloud architectures necessitate certain roles which give the provider highly privileged capabilities. Provider operations, monitoring and incident handling build trust with the customer. Providers history of  IBM Corporation running outsourcing contracts also builds trust * 2009 European Network and Information Security Agency (ENISA) Cloud Computing: Benefits, risks and recommendations for information security 4 © 2011 IBM Corporation
Loss of Governance  TRUST - Concerns that at some level the customer is relinquishing control  Raises the questions - Can I trust the provider to handle my data in a manner that meets my requirements - How assured am I that the provider is managing the cloud in a competent manner - How assured am I that my data is separated from other tenants - How assured am I that my data is protected from insiders at the provider  IBM Corporation 5 © 2011 IBM Corporation
Compliance Risks  Challenges - Myriad of different regulations, industry practices that a customer must meet - Customer is ultimately responsible for being compliant with the appropriate measures - Cloud provider capabilities factor into how a customer achieves their compliance objectives - Different cloud types put different burden on the provider (e.g. Infrastructure-as-a- Service on data center operations, Software-as-a-Service on application compliance)  Measures in Development/Test Cloud and Desktop Cloud - Our current infrastructure-focused service products, customer data is opaque to the provider. Provider is a custodian of the data, and does not touch the customer data - Typically in industry-specific compliance policies, from an infrastructure perspective, deal with:  Managing privileged access  Auditing of accesses to data by provider staff   Policies and practices for dealing with incidents IBM Corporation 6 © 2011 IBM Corporation
Isolation Failure  Challenges - Providing robust means of separating customers from each other.  Measures in Development/Test Cloud and Desktop Cloud - Development/Test cloud is a “multi-instance” form of multi-tenancy  Customers get “instances” of operating system images, which execute on resources that are shared between multiple tenants. - Mechanisms  Hypervisors - enforces separation of operating system instances within a single physical hardware system. Provides a “logical” air-gap between customers  Network Separation -Firewalls - Customer controlled -implemented independent of the operating systems at the hypervisor utilizing Trusted Virtual Domains -Virtual LANs  IBM Corporation -Customers can choose to have their guest images on a dedicated virtual LAN -VLANs connect back to the customer using Virtual Private Networks 7 © 2011 IBM Corporation
Data Handling  Challenges - Ensuring that customer data is available to only that customer - Ensuring that when a customer deletes data (or ephemeral data is no longer in use) that it becomes unreadable  Measures in Development/Test Cloud and Desktop Cloud - Data Protection  Customers provided with the ability to create “virtual disk drives”(VDD) (files which are presented to virtual machines as block devices). Customer can utilize operating system and application level encryption against these as they are accessed as native file systems to the guests.  Each customers data is stored in a unique “file set” within the CC storage structure  Access Control Lists (ACL’s) are used to ensure separation of customers. Guests run as a specific “customer” user. ACL’s on files are set to that user. - Data Destruction  Any data on disk is securely erased using a US DoD algorithm when deleted  IBM Corporation  Ephemeral storage - when the storage is no longer used by a virtual machine  Customer VDDs - when deleted from the management console. 8 © 2011 IBM Corporation
Management Interface Compromise  Challenges - Ensuring customer operations are separated from other customers - Ensuring that web based interfaces implement robust security practices - Ensuring customer accesses to their resources are managed and controlled by the customer  Measures in Development/Test Cloud and Desktop Cloud - Administrative Portal  Authenticated via Web Identity  Authorized via Portal Access Controls  Provides interfaces to initiate automated work flows for discrete tasks - Customer manages the privileges of their user base  Operations logged - end to end transaction auditing - Operating Systems Guests  Once provisioned IBM has no direct access to the guest VM;s  IBM Corporation  Customers provided with initial SSH Key pair or Administrative password - Customers MUST change these and any middleware administrative passwords upon taking control over the guest 9 © 2011 IBM Corporation
Malicious Insider  Challenges - Ensuring that Cloud providers enforce policies for administrative operations to the infrastructure. This includes disciplinary policies. - Ensuring that the provider has documented policies which are applied for all administrators  Measures in Development/Test Cloud and Desktop Cloud - Automation  Not a traditional Security construct  Automation assures control over specific administrative tasks which are broken down to well defined work flow sequences. -Automation is audited end to end to be able to re-construct a given work flow - Human Administration  All infrastructure components are managed/operated to the same policies as IBM Internal systems (ITCS104).  Shared user ID’s are prohibited. Each administrative user uses their own ID to authenticate.  IBM Corporation  User authorizations assigned based on least privilege principles.  IBM’s business conduct guidelines provide the framework for disciplinary action should administrative privileges be abused. 10 © 2011 IBM Corporation
Monitoring/Reporting  Challenges - Ensuring that the infrastructure is managed per provider specified policies - Providing reports to customers about operations which affect the infrastructure as a whole or their specific resources.  Measures in Development/Test cloud and Desktop Cloud - Logging  Infrastructure systems enable operating system audit capabilities  End to end operation flows are logged and auditable  Audit log data is retained for 90 days  Logs are monitored and incident tickets raised for any actions which are not permitted. - Intrusion  Infrastructure is monitored by Intrusion Detection & Protection systems (IDS/IPS)  Internet points of ingress and egress are monitored with IDS/IPS  Future - will provide customer specific IDS/IPS through hypervisor introspection technology - Reporting  IBM Corporation  Internal reporting of security incidents through monitoring of audit data  Future - customer level reports of actions which affect/alter the security of the infrastructure that directly relates to their resources. 11 © 2011 IBM Corporation
For more information on Cloud computing  http://www.ibm.com/cloud  Cloud Security Whitepaper - http://www- 03.ibm.com/press/us/en/attachment/32799.wss?fileId=ATTA CH_FILE1&fileName=10-0861_US Cloud Computing White Paper_Final_LR.pdf © 2011 IBM Corporation

Recomendados

HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust
 
Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the CloudNeil Readshaw
 
Cloud Security: Perception VS Reality
Cloud Security: Perception VS RealityCloud Security: Perception VS Reality
Cloud Security: Perception VS RealityKVH Co. Ltd.
 
Antivirus específicos para entornos virtualizados
Antivirus específicos para entornos virtualizadosAntivirus específicos para entornos virtualizados
Antivirus específicos para entornos virtualizadosNextel S.A.
 
Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...
Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...
Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...HyTrust
 
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performanceDeepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performanceUNIT4 IT Solutions
 
Securing the Human (人を守るセキュリティ)
Securing the Human (人を守るセキュリティ)Securing the Human (人を守るセキュリティ)
Securing the Human (人を守るセキュリティ)itforum-roundtable
 
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Acrodex
 

Recomendados

HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust
 
Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the CloudNeil Readshaw
 
Cloud Security: Perception VS Reality
Cloud Security: Perception VS RealityCloud Security: Perception VS Reality
Cloud Security: Perception VS RealityKVH Co. Ltd.
 
Antivirus específicos para entornos virtualizados
Antivirus específicos para entornos virtualizadosAntivirus específicos para entornos virtualizados
Antivirus específicos para entornos virtualizadosNextel S.A.
 
Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...
Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...
Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...HyTrust
 
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performanceDeepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performanceUNIT4 IT Solutions
 
Securing the Human (人を守るセキュリティ)
Securing the Human (人を守るセキュリティ)Securing the Human (人を守るセキュリティ)
Securing the Human (人を守るセキュリティ)itforum-roundtable
 
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Acrodex
 
Intel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntelAPAC
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
Isc2conferancepremay15final
Isc2conferancepremay15finalIsc2conferancepremay15final
Isc2conferancepremay15finalMahmoud Moustafa
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2JD Sherry
 
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesSecure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesHyTrust
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...Andris Soroka
 
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBM
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBMUndgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBM
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBMIBM Danmark
 
Oded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud SecurityOded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud SecurityCSAIsrael
 
VSD Infotech
VSD InfotechVSD Infotech
VSD InfotechVSD infotech
 
Virtualizing More While Improving Risk Posture – From Bare Metal to End Point
Virtualizing More While Improving Risk Posture – From Bare Metal to End PointVirtualizing More While Improving Risk Posture – From Bare Metal to End Point
Virtualizing More While Improving Risk Posture – From Bare Metal to End PointHyTrust
 
Ibm security virtual server protection
Ibm security virtual server protectionIbm security virtual server protection
Ibm security virtual server protectionE-Government Center Moldova
 
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...Arrow ECS UK
 
Bi cloud saa_s
Bi cloud saa_sBi cloud saa_s
Bi cloud saa_sYustinus Malawau
 
Monitoring Principles & z/VSE Monitoring Options
Monitoring Principles & z/VSE Monitoring OptionsMonitoring Principles & z/VSE Monitoring Options
Monitoring Principles & z/VSE Monitoring OptionsIBM India Smarter Computing
 
Best Practices for Cloud Security
Best Practices for Cloud SecurityBest Practices for Cloud Security
Best Practices for Cloud SecurityIT@Intel
 
Ibm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckIbm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckArrow ECS UK
 
TrendMicro
TrendMicroTrendMicro
TrendMicro1CloudRoad.com
 
Cisco X Factor 9.x Updates & More
Cisco X Factor 9.x Updates & MoreCisco X Factor 9.x Updates & More
Cisco X Factor 9.x Updates & Moreceriumnetworks
 
Good Cloud Bad Cloud NG security summit june 2011
Good Cloud Bad Cloud NG security summit june 2011Good Cloud Bad Cloud NG security summit june 2011
Good Cloud Bad Cloud NG security summit june 2011graywilliams
 
Test
TestTest
TestMuu Nattapat
 
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...Doug Newdick
 
Reviews kindle fire hd 7
Reviews kindle fire hd 7Reviews kindle fire hd 7
Reviews kindle fire hd 7Nyton Amazon
 

Más contenido relacionado

La actualidad más candente

Intel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntelAPAC
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
Isc2conferancepremay15final
Isc2conferancepremay15finalIsc2conferancepremay15final
Isc2conferancepremay15finalMahmoud Moustafa
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2JD Sherry
 
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesSecure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesHyTrust
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...Andris Soroka
 
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBM
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBMUndgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBM
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBMIBM Danmark
 
Oded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud SecurityOded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud SecurityCSAIsrael
 
Virtualizing More While Improving Risk Posture – From Bare Metal to End Point
Virtualizing More While Improving Risk Posture – From Bare Metal to End PointVirtualizing More While Improving Risk Posture – From Bare Metal to End Point
Virtualizing More While Improving Risk Posture – From Bare Metal to End PointHyTrust
 
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...Arrow ECS UK
 
Monitoring Principles & z/VSE Monitoring Options
Monitoring Principles & z/VSE Monitoring OptionsMonitoring Principles & z/VSE Monitoring Options
Monitoring Principles & z/VSE Monitoring OptionsIBM India Smarter Computing
 
Best Practices for Cloud Security
Best Practices for Cloud SecurityBest Practices for Cloud Security
Best Practices for Cloud SecurityIT@Intel
 
Ibm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckIbm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckArrow ECS UK
 
Cisco X Factor 9.x Updates & More
Cisco X Factor 9.x Updates & MoreCisco X Factor 9.x Updates & More
Cisco X Factor 9.x Updates & Moreceriumnetworks
 

La actualidad más candente (18)

Intel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfee
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep security
 
Isc2conferancepremay15final
Isc2conferancepremay15finalIsc2conferancepremay15final
Isc2conferancepremay15final
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2
 
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesSecure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
 
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBM
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBMUndgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBM
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBM
 
Oded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud SecurityOded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud Security
 
VSD Infotech
VSD InfotechVSD Infotech
VSD Infotech
 
Virtualizing More While Improving Risk Posture – From Bare Metal to End Point
Virtualizing More While Improving Risk Posture – From Bare Metal to End PointVirtualizing More While Improving Risk Posture – From Bare Metal to End Point
Virtualizing More While Improving Risk Posture – From Bare Metal to End Point
 
Ibm security virtual server protection
Ibm security virtual server protectionIbm security virtual server protection
Ibm security virtual server protection
 
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
 
Bi cloud saa_s
Bi cloud saa_sBi cloud saa_s
Bi cloud saa_s
 
Monitoring Principles & z/VSE Monitoring Options
Monitoring Principles & z/VSE Monitoring OptionsMonitoring Principles & z/VSE Monitoring Options
Monitoring Principles & z/VSE Monitoring Options
 
Best Practices for Cloud Security
Best Practices for Cloud SecurityBest Practices for Cloud Security
Best Practices for Cloud Security
 
Ibm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckIbm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deck
 
TrendMicro
TrendMicroTrendMicro
TrendMicro
 
Cisco X Factor 9.x Updates & More
Cisco X Factor 9.x Updates & MoreCisco X Factor 9.x Updates & More
Cisco X Factor 9.x Updates & More
 

Destacado

Good Cloud Bad Cloud NG security summit june 2011
Good Cloud Bad Cloud NG security summit june 2011Good Cloud Bad Cloud NG security summit june 2011
Good Cloud Bad Cloud NG security summit june 2011graywilliams
 
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...Doug Newdick
 
Reviews kindle fire hd 7
Reviews kindle fire hd 7Reviews kindle fire hd 7
Reviews kindle fire hd 7Nyton Amazon
 
The Age of the Brandividual
The Age of the BrandividualThe Age of the Brandividual
The Age of the BrandividualMike Merrill
 
0748496- Evolution of the Video Game Console
0748496- Evolution of the Video Game Console0748496- Evolution of the Video Game Console
0748496- Evolution of the Video Game ConsoleAli G
 

Destacado (7)

Good Cloud Bad Cloud NG security summit june 2011
Good Cloud Bad Cloud NG security summit june 2011Good Cloud Bad Cloud NG security summit june 2011
Good Cloud Bad Cloud NG security summit june 2011
 
Test
TestTest
Test
 
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
 
Reviews kindle fire hd 7
Reviews kindle fire hd 7Reviews kindle fire hd 7
Reviews kindle fire hd 7
 
The Age of the Brandividual
The Age of the BrandividualThe Age of the Brandividual
The Age of the Brandividual
 
0748496- Evolution of the Video Game Console
0748496- Evolution of the Video Game Console0748496- Evolution of the Video Game Console
0748496- Evolution of the Video Game Console
 
Computer Essentials
Computer EssentialsComputer Essentials
Computer Essentials
 

Similar a Cloud Security Perspectives Explained

Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloudTrend Micro
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityIBM Security
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityInternap
 
Safe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsSafe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsASBIS SK
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAmazon Web Services
 
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...Khazret Sapenov
 
Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...cVidya Networks
 
Building a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementBuilding a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementNishant Kaushik
 
Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud securityArun Gopinath
 
Ast 0064255 strategies-for_assessing_cloud_security
Ast 0064255 strategies-for_assessing_cloud_securityAst 0064255 strategies-for_assessing_cloud_security
Ast 0064255 strategies-for_assessing_cloud_securityAccenture
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud ComputingAshish Patel
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfDataSpace Academy
 
Building a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementOracleIDM
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar reportshafzonly
 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!centralohioissa
 

Similar a Cloud Security Perspectives Explained (20)

Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud Security
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. Reality
 
Safe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsSafe Net: Cloud Security Solutions
Safe Net: Cloud Security Solutions
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
 
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
 
Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...
 
Security of,for & by cloud
Security of,for & by cloudSecurity of,for & by cloud
Security of,for & by cloud
 
Building a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementBuilding a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity Management
 
Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud security
 
Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud security
 
Ast 0064255 strategies-for_assessing_cloud_security
Ast 0064255 strategies-for_assessing_cloud_securityAst 0064255 strategies-for_assessing_cloud_security
Ast 0064255 strategies-for_assessing_cloud_security
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
 
null Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Securitynull Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Security
 
Building a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity Management
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar report
 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!
 

Último

ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 

Último (20)

ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 

Cloud Security Perspectives Explained

  • 1. Cloud Security Perspectives Dan Carlsen Certified Security IT Specialist – IBM dcarlsen@us.ibm.com © 2011 IBM Corporation
  • 2. Perspectives Security is one of the top customer concerns about Cloud Computing What does this mean? Cloud customers need assurance that providers are following sound security practices in mitigating the risks facing both the customer and the provider. The security requirements in cloud computing are not different from other distributed environments operated in a service provider model. However, through the low price points offered in a cloud and an often more anonymous consumer-provider- interaction, worries can grow. .  IBM Corporation 2 © 2011 IBM Corporation
  • 3. Security in the Cloud A recent Appirio survey of 150+ mid to According to IBM's Institute for large-sized firms that have already Business Value 2010 Global IT Risk adopted cloud applications: Study, cloud computing raised serious concerns among respondents Very Important about the use, access and control of Important Somewhat Important data Of Little Importance Unimportant Ensuring security & compliance Cloud M akes pr ot ect ing Single Biggest Misconception about the Cloud pr ivacy more difficult 77% % of Respondents Security is an issue with the cloud 28% Concerned about a 50% dat a breach or loss Cloud solutions are difficult to integrate 15% Cloud solutions have a higher chance of lock-in 13% Cloud solutions are difficult to customize 12% concer ned about a weakening of t he cor por at e net wor k 23% Cloud solutions are not reliable 10% Cloud vendors are not yet viable 8% None 7% The cloud model is not proven 6% 3 © 2011 IBM Corporation
  • 4. Customer Concerns with Cloud Computing *  LOSS OF GOVERNANCE: Customer relinquishes some control over the infrastructure. TRUST in the provider is paramount. Providers experience with outsourcing provides evidence of trust.  COMPLIANCE RISKS: The providers operational characteristics directly affect the ability for a customer to achieve compliance with appropriate regulations and industry standards.  ISOLATION FAILURE: multi-tenancy and shared resources are defining characteristics of cloud computing. This risk category covers the failure of mechanisms separating storage, memory, routing and even reputation between different tenants (e.g., so-called guest-hopping attacks). However it should be considered that attacks on resource isolation mechanisms (e.g.,. against hypervisors) are still less numerous and much more difficult for an attacker to put in practice compared to attacks on traditional Operating Systems  DATA HANDLING - DATA PROTECTION: The customer relinquishes control over their data to the provider. The provider must give demonstrable assurances to the customer that their data is maintained securely from other tenants of the cloud. These assurances are part of the basis for trust in the provider - INSECURE or INCOMPLETE DATA DELETION: Does the provider ensure that data is deleted in a manner that does not allow leakage upon re-allocation.  MANAGEMENT INTERFACE COMPROMISE: customer management interfaces of a public cloud provider are accessible through the Internet and mediate access to larger sets of resources (than traditional hosting providers) and therefore pose an increased risk, especially when combined with remote access and web browser vulnerabilities  MALICIOUS INSIDER: Cloud architectures necessitate certain roles which give the provider highly privileged capabilities. Provider operations, monitoring and incident handling build trust with the customer. Providers history of  IBM Corporation running outsourcing contracts also builds trust * 2009 European Network and Information Security Agency (ENISA) Cloud Computing: Benefits, risks and recommendations for information security 4 © 2011 IBM Corporation
  • 5. Loss of Governance  TRUST - Concerns that at some level the customer is relinquishing control  Raises the questions - Can I trust the provider to handle my data in a manner that meets my requirements - How assured am I that the provider is managing the cloud in a competent manner - How assured am I that my data is separated from other tenants - How assured am I that my data is protected from insiders at the provider  IBM Corporation 5 © 2011 IBM Corporation
  • 6. Compliance Risks  Challenges - Myriad of different regulations, industry practices that a customer must meet - Customer is ultimately responsible for being compliant with the appropriate measures - Cloud provider capabilities factor into how a customer achieves their compliance objectives - Different cloud types put different burden on the provider (e.g. Infrastructure-as-a- Service on data center operations, Software-as-a-Service on application compliance)  Measures in Development/Test Cloud and Desktop Cloud - Our current infrastructure-focused service products, customer data is opaque to the provider. Provider is a custodian of the data, and does not touch the customer data - Typically in industry-specific compliance policies, from an infrastructure perspective, deal with:  Managing privileged access  Auditing of accesses to data by provider staff   Policies and practices for dealing with incidents IBM Corporation 6 © 2011 IBM Corporation
  • 7. Isolation Failure  Challenges - Providing robust means of separating customers from each other.  Measures in Development/Test Cloud and Desktop Cloud - Development/Test cloud is a “multi-instance” form of multi-tenancy  Customers get “instances” of operating system images, which execute on resources that are shared between multiple tenants. - Mechanisms  Hypervisors - enforces separation of operating system instances within a single physical hardware system. Provides a “logical” air-gap between customers  Network Separation -Firewalls - Customer controlled -implemented independent of the operating systems at the hypervisor utilizing Trusted Virtual Domains -Virtual LANs  IBM Corporation -Customers can choose to have their guest images on a dedicated virtual LAN -VLANs connect back to the customer using Virtual Private Networks 7 © 2011 IBM Corporation
  • 8. Data Handling  Challenges - Ensuring that customer data is available to only that customer - Ensuring that when a customer deletes data (or ephemeral data is no longer in use) that it becomes unreadable  Measures in Development/Test Cloud and Desktop Cloud - Data Protection  Customers provided with the ability to create “virtual disk drives”(VDD) (files which are presented to virtual machines as block devices). Customer can utilize operating system and application level encryption against these as they are accessed as native file systems to the guests.  Each customers data is stored in a unique “file set” within the CC storage structure  Access Control Lists (ACL’s) are used to ensure separation of customers. Guests run as a specific “customer” user. ACL’s on files are set to that user. - Data Destruction  Any data on disk is securely erased using a US DoD algorithm when deleted  IBM Corporation  Ephemeral storage - when the storage is no longer used by a virtual machine  Customer VDDs - when deleted from the management console. 8 © 2011 IBM Corporation
  • 9. Management Interface Compromise  Challenges - Ensuring customer operations are separated from other customers - Ensuring that web based interfaces implement robust security practices - Ensuring customer accesses to their resources are managed and controlled by the customer  Measures in Development/Test Cloud and Desktop Cloud - Administrative Portal  Authenticated via Web Identity  Authorized via Portal Access Controls  Provides interfaces to initiate automated work flows for discrete tasks - Customer manages the privileges of their user base  Operations logged - end to end transaction auditing - Operating Systems Guests  Once provisioned IBM has no direct access to the guest VM;s  IBM Corporation  Customers provided with initial SSH Key pair or Administrative password - Customers MUST change these and any middleware administrative passwords upon taking control over the guest 9 © 2011 IBM Corporation
  • 10. Malicious Insider  Challenges - Ensuring that Cloud providers enforce policies for administrative operations to the infrastructure. This includes disciplinary policies. - Ensuring that the provider has documented policies which are applied for all administrators  Measures in Development/Test Cloud and Desktop Cloud - Automation  Not a traditional Security construct  Automation assures control over specific administrative tasks which are broken down to well defined work flow sequences. -Automation is audited end to end to be able to re-construct a given work flow - Human Administration  All infrastructure components are managed/operated to the same policies as IBM Internal systems (ITCS104).  Shared user ID’s are prohibited. Each administrative user uses their own ID to authenticate.  IBM Corporation  User authorizations assigned based on least privilege principles.  IBM’s business conduct guidelines provide the framework for disciplinary action should administrative privileges be abused. 10 © 2011 IBM Corporation
  • 11. Monitoring/Reporting  Challenges - Ensuring that the infrastructure is managed per provider specified policies - Providing reports to customers about operations which affect the infrastructure as a whole or their specific resources.  Measures in Development/Test cloud and Desktop Cloud - Logging  Infrastructure systems enable operating system audit capabilities  End to end operation flows are logged and auditable  Audit log data is retained for 90 days  Logs are monitored and incident tickets raised for any actions which are not permitted. - Intrusion  Infrastructure is monitored by Intrusion Detection & Protection systems (IDS/IPS)  Internet points of ingress and egress are monitored with IDS/IPS  Future - will provide customer specific IDS/IPS through hypervisor introspection technology - Reporting  IBM Corporation  Internal reporting of security incidents through monitoring of audit data  Future - customer level reports of actions which affect/alter the security of the infrastructure that directly relates to their resources. 11 © 2011 IBM Corporation
  • 12. For more information on Cloud computing  http://www.ibm.com/cloud  Cloud Security Whitepaper - http://www- 03.ibm.com/press/us/en/attachment/32799.wss?fileId=ATTA CH_FILE1&fileName=10-0861_US Cloud Computing White Paper_Final_LR.pdf © 2011 IBM Corporation

Notas del editor

  1. Appirio recently surveyed 150 executives of large firms they found that security remains the number one concern, at the same time they found 28% of those execs felt that the concerns expressed about security are false and fear related. In another study (right) IBM found that of the fears customers have 77% are afraid they will lose data…