Más contenido relacionado Hybrid Cloud is the New Normal: 4 Key Security Steps you Need to Get it Right1. © 2014 IBM Corporation
IBM Security
Hybrid Cloud is the New Normal:
4 Key Security Steps you Need to Get it Right
1©
2014 IBM Corporation
2. © 2014 IBM Corporation
IBM Security
Agenda
Cloud Computing: Many Choices; New Security Challenges
3 Cloud Security Requirements
2
–Govern Cloud Usage and Manage Access
–Protect Cloud Workloads and Data
–View Cloud Security Events and Detect Threats
4 Keys to Cloud Security
–Manage Access
–Protect Data
–Gain Visibility
–Optimize Security Operations (Cloud and Traditional)
3. © 2014 IBM Corporation
IBM Security
Cloud is rapidly transforming the enterprise
3
External Traditional Enterprise IT Stakeholders
Private Cloud Public Cloud
PaaS
Development
services
SaaS
Business
applications
IaaS
Infrastructure
services
100+ IBM
Offerings
HR,
CRM, SCM
Data
archive
App
development
100+ IBM
Offerings
Online
website
4. Cloud is an opportunity to radically transform security practices
© 2014 IBM Corporation
IBM Security
4
Cloud-enhanced Security
Standardized, automated,
customizable, and elastic
Traditional Security
Manual, static,
and reactive
Cloud security is an opportunity
to improve defenses and reduce risk
5. © 2014 IBM Corporation
IBM Security
Cloud Security Requirements
5
Detect threats with
visibility across clouds
Govern the
usage of cloud
Protect workloads
and data in the cloud
How can I understand who
is accessing the cloud
from anywhere, at anytime?
How can I fix vulnerabilities
and defend against attacks
before they’re exploited?
How can I obtain a
comprehensive view of cloud
and traditional environments?
“I can take advantage
of centralized cloud
logging and auditing
interfaces to hunt
for attacks.”
“Going to the cloud
gives me a single
choke point for all user
access ‒ it provides
much more control.”
“Cloud gives me
security APIs and
preconfigured policies
to help protect my data
and workloads”
6. 4 Keys to Cloud Security
6 © 2014 IBM Corporation
7. © 2014 IBM Corporation
IBM Security
Cloud Security Domains
7
IaaS PaaS SaaS
Cloud Security
Optimize Security Operations
Manage
Access
Protect
Data
Gain
Visibility
8. © 2014 IBM Corporation
IBM Security
8
Manage Access
9. Key Concept: Build an Integrated Identity and Access System for
© 2014 IBM Corporation
IBM Security
9
Traditional and Cloud Destinations
IAM Use Cases
On Premise IDaaS
• Outsource IAM infrastructure to cloud, hosted service
• Extend on premise IAM to cloud, hosted service
• Enable LOB users to SSO and govern SaaS access
from the cloud
• Integrate authentication and SSO into new apps
using identity as API
• Manage cloud administration and workload access
SaaS
PaaS
IaaS
Cloud-Hosted
IAM
IAM
Manage Access
10. © 2014 IBM Corporation
IBM Security
10
Protect Data
11. © 2014 IBM Corporation
IBM Security
Key Concept: Understand and Control Cloud Data Flows
Assess application and data store vulnerabilities
Monitor data activity to, from and on the cloud
Encrypt data at rest in IaaS and PaaS systems
Mask and/or redact responses from cloud applications
Tokenize data sent to cloud applications, especially SaaS
11
Protect Data
12. © 2014 IBM Corporation
IBM Security
12
Gain Visibility
13. Key Concept: Get Security Intelligence Across the Hybrid Cloud
© 2014 IBM Corporation
IBM Security
13
Gain Visibility
SaaS Applications
Infrastructure-as-a-Service
Private Virtualized Datacenter
Cloud Security Intelligence
Solution Benefits
• Improved security and visibility into virtual Infrastructures
• Better visibility into logs coming from their sensors across the environment
• Support ad hoc search across large data
14. QRadar and the Cloud – SaaS and Cloud Infrastructure Collection
© 2014 IBM Corporation
IBM Security
14
Event
Processor
Flow
DSM
Processor Workload on
premise
Console
Gain Visibility
15. © 2014 IBM Corporation
IBM Security
QRadar in the Cloud – Following the workload
15
or
Event
Collector
Event
Processor
Flow
Processor Workload on
premise
Console
VPN
Gain Visibility
16. QRadar in the Cloud – Monitoring On Premises & IaaS/PaaS
© 2014 IBM Corporation
IBM Security
16
Console
Event
Collector Event
Event
Collector
Flow
Collector
Collector
Event
Processor
Flow
Processor
or
QVM
Scanner
VPN
Gain Visibility
17. © 2014 IBM Corporation
IBM Security
17
Optimize Security Operations
18. Optimize Security Operations
© 2014 IBM Corporation
IBM Security
Key Concept: Use the Cloud to Optimize Cloud Security
Deploy security services on the cloud when
18
–Significant amount of IT and LOB systems moved to the cloud
–Fastest way to implement security and get high availability
–Cost efficient way to expand geographical footprint
Select cloud hosted security services to
–Reduce capital outlay
–Eliminate systems management issues
Select managed security services to
–Augment or replace in-house security expertise
–Combat advanced threats
–Increase overall security maturity
19. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and
response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed,
misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product
should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use
or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily
involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT
THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY
© 2014 IBM Corporation
IBM Security
19
www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties
or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in
which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion
based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM,
the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other
countries or both. Other company, product, or service names may be trademarks or service marks of others.