SlideShare una empresa de Scribd logo

Hybrid Cloud is the New Normal: 4 Key Security Steps you Need to Get it Right

Descargar como PPTX, PDF
IBM Security
IBM Security

As the perimeter of your organization’s network becomes less defined, and you read everyday in the media that cyberattackers are becoming more and more advanced, there is a temptation for security teams to limit use of the cloud. However, the advantages of clouds—especially Hybrid clouds that include a mix of privately and publicly hosted IaaS, PaaS and SaaS services—are too compelling to avoid. The good news is that all cloud models can be secured, opening the way for controlled and secure business use. In this session, IBM Security Architect David Druker details some key techniques for improving security for each service model and applying Security Intelligence to monitoring diverse cloud islands. View the full on-demand webcast: https://www2.gotomeeting.com/register/409421834

1 de 19
© 2014 IBM Corporation IBM Security Hybrid Cloud is the New Normal: 4 Key Security Steps you Need to Get it Right 1© 2014 IBM Corporation
© 2014 IBM Corporation IBM Security Agenda  Cloud Computing: Many Choices; New Security Challenges  3 Cloud Security Requirements 2 –Govern Cloud Usage and Manage Access –Protect Cloud Workloads and Data –View Cloud Security Events and Detect Threats  4 Keys to Cloud Security –Manage Access –Protect Data –Gain Visibility –Optimize Security Operations (Cloud and Traditional)
© 2014 IBM Corporation IBM Security Cloud is rapidly transforming the enterprise 3 External Traditional Enterprise IT Stakeholders Private Cloud Public Cloud PaaS Development services SaaS Business applications IaaS Infrastructure services 100+ IBM Offerings HR, CRM, SCM Data archive App development 100+ IBM Offerings Online website
Cloud is an opportunity to radically transform security practices © 2014 IBM Corporation IBM Security 4 Cloud-enhanced Security Standardized, automated, customizable, and elastic Traditional Security Manual, static, and reactive Cloud security is an opportunity to improve defenses and reduce risk
© 2014 IBM Corporation IBM Security Cloud Security Requirements 5 Detect threats with visibility across clouds Govern the usage of cloud Protect workloads and data in the cloud How can I understand who is accessing the cloud from anywhere, at anytime? How can I fix vulnerabilities and defend against attacks before they’re exploited? How can I obtain a comprehensive view of cloud and traditional environments? “I can take advantage of centralized cloud logging and auditing interfaces to hunt for attacks.” “Going to the cloud gives me a single choke point for all user access ‒ it provides much more control.” “Cloud gives me security APIs and preconfigured policies to help protect my data and workloads”
4 Keys to Cloud Security 6 © 2014 IBM Corporation
© 2014 IBM Corporation IBM Security Cloud Security Domains 7 IaaS PaaS SaaS Cloud Security Optimize Security Operations Manage Access Protect Data Gain Visibility
© 2014 IBM Corporation IBM Security 8 Manage Access
Key Concept: Build an Integrated Identity and Access System for © 2014 IBM Corporation IBM Security 9 Traditional and Cloud Destinations IAM Use Cases On Premise IDaaS • Outsource IAM infrastructure to cloud, hosted service • Extend on premise IAM to cloud, hosted service • Enable LOB users to SSO and govern SaaS access from the cloud • Integrate authentication and SSO into new apps using identity as API • Manage cloud administration and workload access SaaS PaaS IaaS Cloud-Hosted IAM IAM Manage Access
© 2014 IBM Corporation IBM Security 10 Protect Data
© 2014 IBM Corporation IBM Security Key Concept: Understand and Control Cloud Data Flows  Assess application and data store vulnerabilities  Monitor data activity to, from and on the cloud  Encrypt data at rest in IaaS and PaaS systems  Mask and/or redact responses from cloud applications  Tokenize data sent to cloud applications, especially SaaS 11 Protect Data
© 2014 IBM Corporation IBM Security 12 Gain Visibility
Key Concept: Get Security Intelligence Across the Hybrid Cloud © 2014 IBM Corporation IBM Security 13 Gain Visibility SaaS Applications Infrastructure-as-a-Service Private Virtualized Datacenter Cloud Security Intelligence Solution Benefits • Improved security and visibility into virtual Infrastructures • Better visibility into logs coming from their sensors across the environment • Support ad hoc search across large data
QRadar and the Cloud – SaaS and Cloud Infrastructure Collection © 2014 IBM Corporation IBM Security 14 Event Processor Flow DSM Processor Workload on premise Console Gain Visibility
© 2014 IBM Corporation IBM Security QRadar in the Cloud – Following the workload 15 or Event Collector Event Processor Flow Processor Workload on premise Console VPN Gain Visibility
QRadar in the Cloud – Monitoring On Premises & IaaS/PaaS © 2014 IBM Corporation IBM Security 16 Console Event Collector Event Event Collector Flow Collector Collector Event Processor Flow Processor or QVM Scanner VPN Gain Visibility
© 2014 IBM Corporation IBM Security 17 Optimize Security Operations
Optimize Security Operations © 2014 IBM Corporation IBM Security Key Concept: Use the Cloud to Optimize Cloud Security  Deploy security services on the cloud when 18 –Significant amount of IT and LOB systems moved to the cloud –Fastest way to implement security and get high availability –Cost efficient way to expand geographical footprint  Select cloud hosted security services to –Reduce capital outlay –Eliminate systems management issues  Select managed security services to –Augment or replace in-house security expertise –Combat advanced threats –Increase overall security maturity
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY © 2014 IBM Corporation IBM Security 19 www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Recomendados

IBM Security SaaS IaaS and PaaS
IBM Security SaaS IaaS and PaaSIBM Security SaaS IaaS and PaaS
IBM Security SaaS IaaS and PaaS
Camilo Fandiño Gómez
 
IBM Private Cloud Solutions with IBM i
IBM Private Cloud Solutions with IBM iIBM Private Cloud Solutions with IBM i
IBM Private Cloud Solutions with IBM i
Luca Comparini
 
Patterns in the cloud
Patterns in the cloudPatterns in the cloud
Patterns in the cloud
David Manning
 
Weolcan Hybrid Cloud Training
Weolcan Hybrid Cloud TrainingWeolcan Hybrid Cloud Training
Weolcan Hybrid Cloud Training
Christian Barneveld, van
 
IBM SmartCloud and ISVs September 2013 (Softlayer)
IBM SmartCloud and ISVs September 2013 (Softlayer)IBM SmartCloud and ISVs September 2013 (Softlayer)
IBM SmartCloud and ISVs September 2013 (Softlayer)
Simon Baker
 
2012.06.17 - Owned Blogs - Club Cloud des Partenaires - Loic Simon
2012.06.17 - Owned Blogs - Club Cloud des Partenaires - Loic Simon2012.06.17 - Owned Blogs - Club Cloud des Partenaires - Loic Simon
2012.06.17 - Owned Blogs - Club Cloud des Partenaires - Loic Simon
Club Cloud des Partenaires
 
2012.11.29 - Leveraging Slideshare - Loic Simon
2012.11.29 - Leveraging Slideshare - Loic Simon2012.11.29 - Leveraging Slideshare - Loic Simon
2012.11.29 - Leveraging Slideshare - Loic Simon
Club Alliances
 
Novedades en la release Juno de OpenStack
Novedades en la release Juno de OpenStackNovedades en la release Juno de OpenStack
Novedades en la release Juno de OpenStack
Nimbus Concept
 

Recomendados

IBM Security SaaS IaaS and PaaS
IBM Security SaaS IaaS and PaaSIBM Security SaaS IaaS and PaaS
IBM Security SaaS IaaS and PaaS
Camilo Fandiño Gómez
 
IBM Private Cloud Solutions with IBM i
IBM Private Cloud Solutions with IBM iIBM Private Cloud Solutions with IBM i
IBM Private Cloud Solutions with IBM i
Luca Comparini
 
Patterns in the cloud
Patterns in the cloudPatterns in the cloud
Patterns in the cloud
David Manning
 
Weolcan Hybrid Cloud Training
Weolcan Hybrid Cloud TrainingWeolcan Hybrid Cloud Training
Weolcan Hybrid Cloud Training
Christian Barneveld, van
 
IBM SmartCloud and ISVs September 2013 (Softlayer)
IBM SmartCloud and ISVs September 2013 (Softlayer)IBM SmartCloud and ISVs September 2013 (Softlayer)
IBM SmartCloud and ISVs September 2013 (Softlayer)
Simon Baker
 
2012.06.17 - Owned Blogs - Club Cloud des Partenaires - Loic Simon
2012.06.17 - Owned Blogs - Club Cloud des Partenaires - Loic Simon2012.06.17 - Owned Blogs - Club Cloud des Partenaires - Loic Simon
2012.06.17 - Owned Blogs - Club Cloud des Partenaires - Loic Simon
Club Cloud des Partenaires
 
2012.11.29 - Leveraging Slideshare - Loic Simon
2012.11.29 - Leveraging Slideshare - Loic Simon2012.11.29 - Leveraging Slideshare - Loic Simon
2012.11.29 - Leveraging Slideshare - Loic Simon
Club Alliances
 
Novedades en la release Juno de OpenStack
Novedades en la release Juno de OpenStackNovedades en la release Juno de OpenStack
Novedades en la release Juno de OpenStack
Nimbus Concept
 
Estategia IBM Security para mercado financeiro
Estategia IBM Security para mercado financeiroEstategia IBM Security para mercado financeiro
Estategia IBM Security para mercado financeiro
Alexandre Freire
 
Openstack 2013 1
Openstack 2013 1Openstack 2013 1
Openstack 2013 1
Luis Gervaso
 
Knime
Knime Knime
Knime
dulcekari
 
Cloud appi transformacion digital
Cloud appi transformacion digitalCloud appi transformacion digital
Cloud appi transformacion digital
CloudAppi
 
Emc - Cloud Vision and Strategy
Emc - Cloud Vision and StrategyEmc - Cloud Vision and Strategy
Emc - Cloud Vision and Strategy
Cenk Ersoy
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Symosis Security (Previously C-Level Security)
 
Gobierno de apis
Gobierno de apisGobierno de apis
Gobierno de apis
CloudAppi
 
ELEMENTOS BASICOS PARA UN SIG
ELEMENTOS BASICOS PARA UN SIGELEMENTOS BASICOS PARA UN SIG
ELEMENTOS BASICOS PARA UN SIG
jose reyes
 
Aplicación práctica de FIWARE al Internet de las Cosas
Aplicación práctica de FIWARE al Internet de las CosasAplicación práctica de FIWARE al Internet de las Cosas
Aplicación práctica de FIWARE al Internet de las Cosas
Javier García Puga
 
SISTEMAS DE INFORMACIÓN GEOGRÁFICA. EXPOSICIÓN
SISTEMAS DE INFORMACIÓN GEOGRÁFICA. EXPOSICIÓN SISTEMAS DE INFORMACIÓN GEOGRÁFICA. EXPOSICIÓN
SISTEMAS DE INFORMACIÓN GEOGRÁFICA. EXPOSICIÓN
javieramador326
 
Sistemas información geográfica
Sistemas información geográficaSistemas información geográfica
Sistemas información geográfica
Marvin Zumbado
 
APLICACION D LOS SISTEMAS DE INFORMACION GEOGRAFICA SIG EN LA INGENIERIA CIVIL
APLICACION D LOS SISTEMAS DE INFORMACION GEOGRAFICA SIG EN LA INGENIERIA CIVILAPLICACION D LOS SISTEMAS DE INFORMACION GEOGRAFICA SIG EN LA INGENIERIA CIVIL
APLICACION D LOS SISTEMAS DE INFORMACION GEOGRAFICA SIG EN LA INGENIERIA CIVIL
gerardo henry espinoza sumaran
 
SIG y sus componentes
SIG y sus componentesSIG y sus componentes
SIG y sus componentes
Henry H. Velarde
 
VDI CIMCORP
VDI CIMCORPVDI CIMCORP
VDI CIMCORP
CIMCORP
 
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
Accenture Cloud Platform: Control, Manage and Govern the Enterprise CloudAccenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
accenture
 
CartoDB: Mapeando el mundo con Open Source
CartoDB: Mapeando el mundo con Open SourceCartoDB: Mapeando el mundo con Open Source
CartoDB: Mapeando el mundo con Open Source
LibreCon
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
IBM Security
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
IBM Security
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
IBM Security
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
IBM Security
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
IBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
IBM Security
 

Más contenido relacionado

Destacado

ELEMENTOS BASICOS PARA UN SIG
ELEMENTOS BASICOS PARA UN SIGELEMENTOS BASICOS PARA UN SIG
ELEMENTOS BASICOS PARA UN SIG
jose reyes
 
Sistemas información geográfica
Sistemas información geográficaSistemas información geográfica
Sistemas información geográfica
Marvin Zumbado
 
VDI CIMCORP
VDI CIMCORPVDI CIMCORP
VDI CIMCORP
CIMCORP
 
CartoDB: Mapeando el mundo con Open Source
CartoDB: Mapeando el mundo con Open SourceCartoDB: Mapeando el mundo con Open Source
CartoDB: Mapeando el mundo con Open Source
LibreCon
 

Destacado (16)

Estategia IBM Security para mercado financeiro
Estategia IBM Security para mercado financeiroEstategia IBM Security para mercado financeiro
Estategia IBM Security para mercado financeiro
 
Openstack 2013 1
Openstack 2013 1Openstack 2013 1
Openstack 2013 1
 
Knime
Knime Knime
Knime
 
Cloud appi transformacion digital
Cloud appi transformacion digitalCloud appi transformacion digital
Cloud appi transformacion digital
 
Emc - Cloud Vision and Strategy
Emc - Cloud Vision and StrategyEmc - Cloud Vision and Strategy
Emc - Cloud Vision and Strategy
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
Gobierno de apis
Gobierno de apisGobierno de apis
Gobierno de apis
 
ELEMENTOS BASICOS PARA UN SIG
ELEMENTOS BASICOS PARA UN SIGELEMENTOS BASICOS PARA UN SIG
ELEMENTOS BASICOS PARA UN SIG
 
Aplicación práctica de FIWARE al Internet de las Cosas
Aplicación práctica de FIWARE al Internet de las CosasAplicación práctica de FIWARE al Internet de las Cosas
Aplicación práctica de FIWARE al Internet de las Cosas
 
SISTEMAS DE INFORMACIÓN GEOGRÁFICA. EXPOSICIÓN
SISTEMAS DE INFORMACIÓN GEOGRÁFICA. EXPOSICIÓN SISTEMAS DE INFORMACIÓN GEOGRÁFICA. EXPOSICIÓN
SISTEMAS DE INFORMACIÓN GEOGRÁFICA. EXPOSICIÓN
 
Sistemas información geográfica
Sistemas información geográficaSistemas información geográfica
Sistemas información geográfica
 
APLICACION D LOS SISTEMAS DE INFORMACION GEOGRAFICA SIG EN LA INGENIERIA CIVIL
APLICACION D LOS SISTEMAS DE INFORMACION GEOGRAFICA SIG EN LA INGENIERIA CIVILAPLICACION D LOS SISTEMAS DE INFORMACION GEOGRAFICA SIG EN LA INGENIERIA CIVIL
APLICACION D LOS SISTEMAS DE INFORMACION GEOGRAFICA SIG EN LA INGENIERIA CIVIL
 
SIG y sus componentes
SIG y sus componentesSIG y sus componentes
SIG y sus componentes
 
VDI CIMCORP
VDI CIMCORPVDI CIMCORP
VDI CIMCORP
 
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
Accenture Cloud Platform: Control, Manage and Govern the Enterprise CloudAccenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
 
CartoDB: Mapeando el mundo con Open Source
CartoDB: Mapeando el mundo con Open SourceCartoDB: Mapeando el mundo con Open Source
CartoDB: Mapeando el mundo con Open Source
 

Más de IBM Security

Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
IBM Security
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
IBM Security
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
IBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
IBM Security
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
IBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
IBM Security
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
IBM Security
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
IBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
IBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
IBM Security
 

Más de IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 

Hybrid Cloud is the New Normal: 4 Key Security Steps you Need to Get it Right

  • 1. © 2014 IBM Corporation IBM Security Hybrid Cloud is the New Normal: 4 Key Security Steps you Need to Get it Right 1© 2014 IBM Corporation
  • 2. © 2014 IBM Corporation IBM Security Agenda  Cloud Computing: Many Choices; New Security Challenges  3 Cloud Security Requirements 2 –Govern Cloud Usage and Manage Access –Protect Cloud Workloads and Data –View Cloud Security Events and Detect Threats  4 Keys to Cloud Security –Manage Access –Protect Data –Gain Visibility –Optimize Security Operations (Cloud and Traditional)
  • 3. © 2014 IBM Corporation IBM Security Cloud is rapidly transforming the enterprise 3 External Traditional Enterprise IT Stakeholders Private Cloud Public Cloud PaaS Development services SaaS Business applications IaaS Infrastructure services 100+ IBM Offerings HR, CRM, SCM Data archive App development 100+ IBM Offerings Online website
  • 4. Cloud is an opportunity to radically transform security practices © 2014 IBM Corporation IBM Security 4 Cloud-enhanced Security Standardized, automated, customizable, and elastic Traditional Security Manual, static, and reactive Cloud security is an opportunity to improve defenses and reduce risk
  • 5. © 2014 IBM Corporation IBM Security Cloud Security Requirements 5 Detect threats with visibility across clouds Govern the usage of cloud Protect workloads and data in the cloud How can I understand who is accessing the cloud from anywhere, at anytime? How can I fix vulnerabilities and defend against attacks before they’re exploited? How can I obtain a comprehensive view of cloud and traditional environments? “I can take advantage of centralized cloud logging and auditing interfaces to hunt for attacks.” “Going to the cloud gives me a single choke point for all user access ‒ it provides much more control.” “Cloud gives me security APIs and preconfigured policies to help protect my data and workloads”
  • 6. 4 Keys to Cloud Security 6 © 2014 IBM Corporation
  • 7. © 2014 IBM Corporation IBM Security Cloud Security Domains 7 IaaS PaaS SaaS Cloud Security Optimize Security Operations Manage Access Protect Data Gain Visibility
  • 8. © 2014 IBM Corporation IBM Security 8 Manage Access
  • 9. Key Concept: Build an Integrated Identity and Access System for © 2014 IBM Corporation IBM Security 9 Traditional and Cloud Destinations IAM Use Cases On Premise IDaaS • Outsource IAM infrastructure to cloud, hosted service • Extend on premise IAM to cloud, hosted service • Enable LOB users to SSO and govern SaaS access from the cloud • Integrate authentication and SSO into new apps using identity as API • Manage cloud administration and workload access SaaS PaaS IaaS Cloud-Hosted IAM IAM Manage Access
  • 10. © 2014 IBM Corporation IBM Security 10 Protect Data
  • 11. © 2014 IBM Corporation IBM Security Key Concept: Understand and Control Cloud Data Flows  Assess application and data store vulnerabilities  Monitor data activity to, from and on the cloud  Encrypt data at rest in IaaS and PaaS systems  Mask and/or redact responses from cloud applications  Tokenize data sent to cloud applications, especially SaaS 11 Protect Data
  • 12. © 2014 IBM Corporation IBM Security 12 Gain Visibility
  • 13. Key Concept: Get Security Intelligence Across the Hybrid Cloud © 2014 IBM Corporation IBM Security 13 Gain Visibility SaaS Applications Infrastructure-as-a-Service Private Virtualized Datacenter Cloud Security Intelligence Solution Benefits • Improved security and visibility into virtual Infrastructures • Better visibility into logs coming from their sensors across the environment • Support ad hoc search across large data
  • 14. QRadar and the Cloud – SaaS and Cloud Infrastructure Collection © 2014 IBM Corporation IBM Security 14 Event Processor Flow DSM Processor Workload on premise Console Gain Visibility
  • 15. © 2014 IBM Corporation IBM Security QRadar in the Cloud – Following the workload 15 or Event Collector Event Processor Flow Processor Workload on premise Console VPN Gain Visibility
  • 16. QRadar in the Cloud – Monitoring On Premises & IaaS/PaaS © 2014 IBM Corporation IBM Security 16 Console Event Collector Event Event Collector Flow Collector Collector Event Processor Flow Processor or QVM Scanner VPN Gain Visibility
  • 17. © 2014 IBM Corporation IBM Security 17 Optimize Security Operations
  • 18. Optimize Security Operations © 2014 IBM Corporation IBM Security Key Concept: Use the Cloud to Optimize Cloud Security  Deploy security services on the cloud when 18 –Significant amount of IT and LOB systems moved to the cloud –Fastest way to implement security and get high availability –Cost efficient way to expand geographical footprint  Select cloud hosted security services to –Reduce capital outlay –Eliminate systems management issues  Select managed security services to –Augment or replace in-house security expertise –Combat advanced threats –Increase overall security maturity
  • 19. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY © 2014 IBM Corporation IBM Security 19 www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.