Cloud Security: A New Perspective
Presented at 2014 CloudCon, Dalian, China


  1. Cloud Security: A New Perspective
     Wen-Pai Lu, Ph.D., Technical Leader
     CloudCon, 2014, Dalian, China
     © 2012 Cisco and/or its affiliates. All rights reserved.
  3. The Meaning of Cloud: Quick recap
     •  Where? Deployment Models: Public, Private, Hybrid, Community, Virtual Private
     •  What? Essential Characteristics (NIST): Measured Services, Rapid Elasticity, Resource Pooling, Self Service, Broad Access
     •  How? Service Models: SaaS, PaaS, IaaS
  4. Security is still the biggest obstacle to Cloud Adoption
     •  #1 Security policies
     •  #2 Secure Connectivity
     •  #3 Changed architecture Integration
     •  #4 QoS, SLAs, WaaS, AVC, VPN
     Source: Forrester & Cisco report on Cloud market – 2013
  5. It is all About Data – Protecting your Data is the No. 1 Priority
  6. Cloud Security is About …
  7. Cloud Security: Defined “In the Cloud”
     In the Cloud: Security (products, solutions) instantiated as an operational capability deployed within Cloud Computing environments. Examples: Routers, Firewalls, IPS, AV, WAF, …
     Diagram labels: Secure Cloud Infrastructure, Private Cloud, Virtualized App Servers
  8. Cloud Security: Defined “For the Cloud”
     For the Cloud: Security services that are specifically targeted toward securing OTHER Cloud Computing services, delivered by Cloud Computing providers.
     Diagram labels: Secure Cloud Access, Public Cloud, Secure Cloud Infrastructure
  9. Cloud Security: Defined “By the Cloud”
     By the Cloud: Security services delivered by Cloud Computing services which are used by providers
     Diagram labels: Secure Cloud Infrastructure, Cloud Security Services, Internet, Email, Web, Secure Mobility, Securing Cloud Access
  10. Infrastructure Security
     Diagram labels: Load Balancer, SSL Termination, Web App Firewall, Firewall, IDS/IPS, Public Cloud (Hosted), Enterprise Cloud (Hosted), SP Broadband, Access
     Virtualized Security in Private Cloud:
     •  vASA, ASAv
     •  Nexus 1000v
     •  VSG
     •  TrustSec
     Physical Security:
     •  ASA
     •  SourceFire
     •  TrustSec
     Secure bridging (#2):
     •  Nexus 1000v InterCloud
     VPC Isolation:
     •  Nexus 1000v InterCloud
     Enabling virtualized Security in Public Cloud (#1, #3):
     •  Nexus 1000v InterCloud
     •  VSG, ASA 1000v
     •  Nexus 1000v
     •  vASA
     Enabling secure L3 access to Cloud, WAN services (#2, #4):
     •  CSR 1000v
  11. •  More moving parts, more Complex
     •  Code Execution from VM Guest to Host
     •  Service Console Flaws
     •  New Configuration Controls
     •  Segmentation and Separation
     •  Hypervisor Security
     •  OS Security
     •  Side Channel Attacks
     •  Monitoring & Visibility
     •  Virtual Security Products
  12. Applications & Software
  13. •  ISO 27001 Adherence
     •  Power Supply
     •  Cooling
     •  Fire and Flood Damage
     •  Facilities Access Right
     •  Policy
     •  Facility and Personnel Monitoring
     •  Physical Risk Assessments
     •  Remediation Plan
     •  Network Cable accessible in public access area
  15. •  Background Check
     •  HR Hiring Policy
     •  Security Awareness and Training
     •  Ongoing data and system access rights
  16. •  Control Standards such as SSAE 16 SOC 1 or SOC 2
     •  PCI, HIPAA, FISMA, SOX, or local standards
     •  Baseline of Compliance Needs
     •  “Boundaries” where Compliance applies
     •  Required Controls for Compliance Mandates, like GRC, CCM, etc.
     •  Responsible Parties
     •  Legal Impacts and Ramifications
  17. •  What is your BCP and DR plan?
     •  Who is responsible?
     •  Which part of your DATA should be included in the planning?
     •  Backup Strategy
     •  RTO & RPO Objectives
     •  DR Process
  18. 1.  Data Breaches
     2.  Data Loss
     3.  Account or Service Traffic Hijacking
     4.  Insecure Interfaces and APIs
     5.  Denial of Service
     6.  Malicious Insiders
     7.  Abuse of Cloud Services
     8.  Insufficient Due Diligence
     9.  Shared Technology Vulnerabilities
     https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf
  19. Where is Your DATA?
  20. Cloud Security is all About…
     •  Confidentiality
     •  Integrity
     •  Availability
     •  Compliance
     •  Governance
     •  Risk Management
  21. •  Telco Business is shifting toward Application Centric
     •  Business is Measured by $ per Service
     •  Network Services move from Appliance Centric to Software-based
     •  Cloud becomes a Key Enabler in their New Business Model
     Wave of Business:
     •  Voice Centric ($ per Call): Frame Relay, ISDN, ATM, QAM, T1, DS3, PSTN, SMDS, X.25
     •  Data Centric ($ per mbs): VOIP, L2/L3 VPNs, VOD, Streaming Video, Triple Play, Cellular Data, IPTV, SP Wi-Fi
     •  Application Centric ($ per Service): Hosted Collaboration, Elastic Load Balancing, Disaster Recovery, Security AAS, Bandwidth On-Demand, Cloud Storage
  22. Elastic Security Services Architecture
     •  Orchestration/Management & API per vService
     •  Security As A Service & Threat Defense
     Diagram labels: Internet, L2 VPN, L3 VPN, Ubiquitous Ethernet Access Node, Satellite, EoMPLS, MPLS-TP, etc., Private Cloud, Residential Customer, Remote POP, A9K Cluster, Managed Router, vWAAS, Security, DPI, vASA, vWSA, SBC, 3rd Party, Hypervisor, UCS and/or On Box Compute Resources, OS, IronPort, Service insertion/chaining, UCS or VSM/Forge, Scansafe, SBC Controller
  23. New Cloud Service Offering by “CSP”
     •  Software Defined Network (SDN)
     •  Network Function Virtualization (NFV)
     Diagram labels: Business Applications, Network Services, Application Layer, Control Layer, Infrastructure Layer, API, OSS/BSS, NFV Orchestration and Management, VNF, NFV Infrastructure (NFVI), Virtual Compute, Virtual Network, Virtual Storage, Virtualization Layer, Hardware Resources, Compute, Network, Storage
  24. •  Application API vulnerability
     •  Service Hijacking
     •  Virtualization Attacks
     •  Distributed Denial of Service Attacks
     •  Hardware and Software Hardening
     •  Malicious Insiders
     •  Insufficient Due Diligence
     •  Shared Technology Vulnerabilities
     •  Segmentation and Isolation
     •  Identity of Devices, Users, Roles and Location
     •  Traffic Sniffing
     •  Unified Cloud Access Security
     •  Threat Visibility
     •  Dynamic Security Enforcement
     •  Security Ecosystem
     •  And much more …
  25. From Enterprises (End Users)
     •  Information Security – Security of Data and Services
     •  Data Life Cycle – Generation, Use, Transfer, Transformation, Storage, Archive and Destruction
     •  IT Service Continuity – Business Continuity and Disaster Recovery
     •  Incident Management – how soon the CSP can restore services, and Intrusion Detection
     •  Change Management – Standardized methods and procedures for efficient handling of all changes
     •  Data Loss and Breaches
     •  Infrastructure Security – Network, Compute, Storage, Access Control, etc.
     •  Compliance and Standards
     From Service Providers
     •  Service Asset – maintaining information about Configuration Items (CI) required to deliver Cloud Services
     •  Configuration Management
     •  Demand Management – prepare for such demands
     •  Capacity Management – Availability of sufficient capacity
     •  Request Fulfillment – process for fulfilling service requests
     •  Branding and Publicity
     •  Service Availability – loss of Revenue and Trust
     •  Management and Operations
  26. •  Cloud Security is not only about Data Protection
     •  Data Protection includes both Data At Rest and Data In Transit
     •  Need to Implement Data Life Cycle with CSP
     •  Infrastructure Security provides the required Protection for your Data in the Cloud
     •  Need to do your Due Diligence – Cloud Risk Analysis and Security Assessment
     •  Other “Hard” Security Considerations include Identity and Access Management, Physical Facilities Security, DR and BCP, and Intrusion Detection and Incident Response
     •  “Soft” Security Considerations include Compliance and Legal Considerations, Audit for the Cloud, Policy, Contracts with CSP, and Governance
     •  DO YOUR HOMEWORK to know what YOU are Getting
  27. Thank you.
  28. Backup
  • tonydeng

    Nov. 28, 2017
