ibm smartcloudpublic.dhe.ibm.com/software/dw/cloud/techtalks/ibm... · data-centric security is an...
Post on 08-Aug-2020
TRANSCRIPT
© 2012 IBM Corporation
IBM SmartCloud Rethink IT. Reinvent Business.
Amy Anderson, Manager, Cloud Partner Programs
July, 2013
Common Open Standards Technology and Industry Ecosystem, spanning design, deploy, and consume
Service layers: Business Process as a Service, Software as a Service, Platform as a Service, Infrastructure as a Service
• Cloud Enablement Technologies: enables private/hybrid cloud service delivery and management
• Managed Cloud Services: secure and scalable cloud managed services platform
• Cloud Business Solutions: pre-built cloud SaaS business applications and solutions
Cloud capabilities built upon a common platform, with a commitment to open standards
Common Open Standards Technology and Industry Ecosystem (design, deploy, consume), with the same four service layers
• Cloud Enablement Technologies: enables private/hybrid cloud service delivery and management
• Managed Cloud Services: SmartCloud Enterprise+
• Cloud Business Solutions: pre-built cloud SaaS business applications and solutions
SoftLayer will further advance the IBM cloud strategy and strengthen IBM’s portfolio of cloud offerings built on open standards
#ibmcloud
Two major application deployment models have emerged in cloud adoption
• Cloud Enabled: scalable, virtualized, automated lifecycle, heterogeneous infrastructure. Existing middleware workloads; compatibility with existing systems (“Systems of Record”). IBM offering: SCE+
• Cloud Native: elastic, multi-tenant, integrated lifecycle, standardized infrastructure. Emerging platform workloads; exploitation of new environments (“Systems of Engagement”). IBM offering: SoftLayer
Cloud Security
IBM Cloud TechTalk: Keeping your Important Data Safe in the Cloud
July 23, 2013
C.J. Radford, Vice President, Cloud @cjrad @vormetric #CloudSecurity
Saravanan Coimbatore, Director, Cloud Solutions
IBM & Vormetric Partnership
Vormetric recognized as an IBM Business Partner
In 2007, IBM chose Vormetric Data Security to provide data
protection to its large enterprise and service provider customers:
Vormetric resold as InfoSphere Guardium Data Encryption
Hundreds of large enterprise and service providers globally
Proven data protection
Vormetric certified as “Ready for SmartCloud Services”
Vormetric listed in IBM Global Solutions Directory
Technical validations include:
SC – Enterprise
SC – Business Applications
SC – Infrastructure Services & Availability
SC – Security, Monitoring and Reporting
How Are We Doing? Perimeter Security is Failing
100% of victims have up-to-date antivirus software
63% of breaches are reported by third parties
243 days: median time advanced attackers are on the network before being detected
100% of breaches involved stolen credentials
Source: mandiant.com/threat-landscape/
Data-Centric Security Is An Issue
Big data, global compliance, cloud adoption, data breaches
• Cloud adoption: enterprise security is the #1 inhibitor [1]
• APTs and data breaches: 98% of stolen records came from large organizations [2]
• Big data: big data is a big target
• Global compliance: aggressive new regulations
Sources: 1. Global State of Information Security® Survey by PwC, CIO magazine, and CSO magazine, October 2012. 2. Verizon Data Breach Investigations Report, March 2012.
Who is Responsible for Security? Role clarity across IaaS, PaaS, and SaaS
The slide shows the Cloud Security Alliance reference stack for each service model. All three share the infrastructure layers (Facilities, Hardware, Abstraction, Core Connectivity & Delivery, APIs). PaaS adds Integration Middleware and APIs on top. SaaS adds Integration Middleware, Presentation Modality, Presentation Platform, APIs, Applications, and Data / Metadata / Content.
The dividing line between “security: you” and “security: them” moves up the stack as you go from IaaS to SaaS: under IaaS the provider’s responsibility stops at the infrastructure layers and the customer owns everything above; under SaaS the provider’s responsibility extends through the application and data layers.
Source: Cloud Security Alliance, 2013.
Cloud Growing, but Security and Data Access Top Concerns for Cloud Adoption
What are your top cloud services concerns?
51% Security defects in the technology itself
45% Unauthorized access to or leak of our proprietary information
40% Unauthorized access to or leak of our customers’ information
31% Application and system performance
30% Business continuity and DR readiness of provider
30% Business viability of provider; risk company will fail
27% Integration of cloud data with our internal systems
16% Vendor lock-in
14% Features and general maturity of technology
(The slide groups the leading concerns under “Security” and “Data Access”.)
Source: 2013 State of Cloud Computing, InformationWeek, April 2013.
Cloud Computing Security Challenges
01 Multi-tenancy issues
02 Protecting confidential data
03 Data residency resulting in legal issues
04 Lack of standards across service providers
05 Auditing, reporting, and compliance
06 Visibility and intelligence in cloud
07 Does data remain after moving to/from cloud?
08 Service providers’ access to data
Data Access Framework [1/3]: Risks to Data Across the IT Stack
Layer: data breach risks
• User/End Point: compromised user account or device, malware, spoofed sessions, etc.
• Application: privileged users (application admins), application vulnerability, SQL injection, etc.
• Database: privileged users (database admins), pool account, SQL injection, unpatched DB vulnerabilities, misconfigured DB permissions, etc.
• Operating System: privileged users (root, sys admins, domain admins), vulnerable service, malware, etc.
• Hypervisor: privileged users (root, sys admins), hypervisor administrators, security vulnerabilities in the hypervisor, etc.
• Memory / Compute / Storage: privileged users (root, sys admins), misconfigured file permissions, physical media theft, storage administrators, etc.
Data Access Framework [2/3]: Controls Implemented to Address Risks
Layer: controls to prevent data breaches
• User/End Point: identity and access management, endpoint protection, malware detection, etc. (rules and signatures)
• Application: web application firewalls (rules and signatures)
• Database: database activity monitoring and protection (monitoring and controls)
• Operating System: data firewall: encryption, security intelligence, and access policy controls
• Hypervisor: security provided by the hypervisor to segment data in multi-tenant environments
• Memory / Compute / Storage: data firewall: encryption, security intelligence, and access policy controls
Data Access Framework [3/3]: Use Best-in-Class Solutions to Address Risks
(The slide maps vendor solutions onto the same layers: User/End Point, Application, Database, Operating System, Hypervisor, Memory / Compute / Storage.)
Data-Centric Security Elements for Protecting Data in the Cloud
• Strong Access Policies: block privileged users like root from viewing data and thwart APTs; provide fine-grained control to determine who can view specific data
• Encryption & Key Management: lock down the data using strong, industry-approved algorithms; understand who has control and ownership of keys and access policies
• Security Intelligence: log all access to what matters, the protected data; provide real-time intelligence on who is accessing protected data, where and when
• Automation: automatic installation, configuration, and dynamic policy enhancements based on real-time threats; instant protection upon provisioning of new resources
• Multi-Tenancy: secure data in commingled and multi-tenant environments; enable end users to control policies specific to their own data
Vormetric Data Security Platform
• Vormetric Data Security Manager: policy & management, security intelligence logs, users & groups, key & encryption management, automated deployment
• Vormetric Encryption: file and volume encryption agents for physical, virtual, VM, and big data hosts
• Application Agents: Oracle and SQL Server TDE keys; application encryption API
• Vormetric Key Management: physical and virtual
• Vormetric Vault: secure vaulting of certificates and keys
• Vormetric Toolkit
Environment support: public cloud, private cloud & virtualization, hybrid, data centers
Secure the Public Cloud
The Vormetric Data Security Manager stays in the enterprise data center. The links across the Internet to agents on physical servers, the private cloud, and each virtual private cloud carry keys in one direction and policies & logs between the two.
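The “your clouds, your keys” property of the slide above, and of the Encryption & Key Management element earlier, comes down to one thing: the key that unlocks the data never leaves the enterprise. The Go program below is an added example written for this page, not Vormetric’s agent or DSM code. It uses object-level envelope encryption (a per-object data-encryption key wrapped under an enterprise-held key-encryption key) rather than Vormetric’s transparent file-level encryption, because it shows the ownership property in a few dozen lines. AES-256-GCM, the use of the guard-point path as associated data, and every name and sample value are assumptions.

```go
package main

// Added example for this page (not Vormetric's product code): envelope
// encryption with the key-encryption key (KEK) held by the enterprise, to show
// why "your clouds, your keys" matters. Names and sample data are assumptions.

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope is the only thing that lands in the cloud: ciphertext plus the
// data-encryption key (DEK) wrapped under the enterprise KEK. No plaintext key.
type Envelope struct {
	GuardPoint string // bound as AAD, so a wrapped DEK cannot be replayed elsewhere
	WrappedDEK []byte
	Ciphertext []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-GCM and prefixes the fresh random nonce to the output.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; a wrong key or tampered bytes fail authentication.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// Encrypt generates a per-object DEK, encrypts the data with it, and wraps the
// DEK under kek. The enterprise never ships kek to the cloud.
func Encrypt(kek []byte, guardPoint string, plaintext []byte) (*Envelope, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	wrapped, err := seal(kek, dek, []byte(guardPoint))
	if err != nil {
		return nil, err
	}
	ct, err := seal(dek, plaintext, []byte(guardPoint))
	if err != nil {
		return nil, err
	}
	return &Envelope{guardPoint, wrapped, ct}, nil
}

// Decrypt unwraps the DEK with kek, then decrypts; without kek it fails at step one.
func Decrypt(kek []byte, env *Envelope) ([]byte, error) {
	dek, err := open(kek, env.WrappedDEK, []byte(env.GuardPoint))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return open(dek, env.Ciphertext, []byte(env.GuardPoint))
}

// Rewrap rotates the KEK by re-wrapping only the DEK; the bulk ciphertext is
// untouched, which is what keeps key rotation cheap on large data sets.
func Rewrap(oldKEK, newKEK []byte, env *Envelope) error {
	dek, err := open(oldKEK, env.WrappedDEK, []byte(env.GuardPoint))
	if err != nil {
		return err
	}
	env.WrappedDEK, err = seal(newKEK, dek, []byte(env.GuardPoint))
	return err
}

func main() {
	kek := make([]byte, 32) // enterprise-held KEK, stays in the data center
	rand.Read(kek)
	env, _ := Encrypt(kek, "/data/db", []byte("customer table (constructed sample)"))
	providerKey := make([]byte, 32) // the provider holds the envelope but not the KEK
	_, err := Decrypt(providerKey, env)
	fmt.Println("provider without KEK:", err)
	pt, _ := Decrypt(kek, env)
	fmt.Println("enterprise with KEK:", string(pt))
}
```

Two design points worth checking in any real deployment: the wrapped DEK is authenticated together with the guard-point path, so a wrapped key lifted from one guard point cannot be presented against another, and key rotation only re-wraps the small DEK rather than re-encrypting the data, which is the property behind the “minimal performance impact” requirement later in the deck.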
Secure your Private Cloud
Secure your private cloud just as you would your physical enterprise. Domains and tenancy features easily support the needs of multiple business units.
The Vormetric Data Security Manager supplies keys, policies & logs, and automation to Business Unit 1, Business Unit 2, and Business Unit 3.
Address the “Insider Threat” by Limiting Access to Data Through Privileged User Access Policies
Threats: APTs and malicious insiders, including the enterprise system administrator (privileged user) and the storage administrators on both the enterprise and the cloud side
Stack: business unit user, virtual machine layer, hypervisor layer, encrypted multi-tenant storage
• Log & audit access
• Integrate with SIEM for actionable intelligence
• Keys and policies owned & managed by the enterprise
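The access-policy and security-intelligence elements of the deck (block root from plaintext while still letting it run backups, log every access to protected data, feed the log to a SIEM) are easier to reason about with a concrete rule model. The Go program below is an added example written for this page, not Vormetric’s policy engine or its API. It assumes a toy model: a guard point is a directory, a rule matches user, executing binary and action, and decisions are appended to an in-memory log. The paths, user names and the oracle/tar rules are constructed.

```go
package main

// Added example for this page (not Vormetric's engine or API): a toy "data
// firewall" in the spirit of the slides' guard-point access policies. Every
// type, rule, path and user name below is an assumption.

import (
	"fmt"
	"path/filepath"
	"strings"
)

type Effect string

const (
	Permit           Effect = "permit"            // plaintext access
	PermitCiphertext Effect = "permit-ciphertext" // encrypted bytes only (backups)
	Deny             Effect = "deny"
	Passthrough      Effect = "passthrough" // path not under any guard point
)

// Rule matches user, executing binary and action ("*" = any); first match wins.
type Rule struct {
	Users, Processes, Actions []string
	Effect                    Effect
}

// GuardPoint is a directory whose contents are encrypted and policed.
type GuardPoint struct {
	Path  string
	Rules []Rule
}

type Request struct{ User, Process, Path, Action string }

// AuditEvent is one record of the access log that would go to the SIEM.
type AuditEvent struct {
	Request
	Effect
}

type Policy struct {
	GuardPoints []GuardPoint
	Log         []AuditEvent
}

func matches(set []string, v string) bool {
	for _, s := range set {
		if s == "*" || s == v {
			return true
		}
	}
	return false
}

// under is true when p is gp or inside it; a naive string-prefix test would
// wrongly treat /data/dbx as a child of /data/db.
func under(p, gp string) bool {
	rel, err := filepath.Rel(gp, filepath.Clean(p))
	return err == nil && rel != ".." && !strings.HasPrefix(rel, "../")
}

// Evaluate decides r and logs every access to a guard point, permitted or not.
func (pol *Policy) Evaluate(r Request) Effect {
	for _, gp := range pol.GuardPoints {
		if !under(r.Path, gp.Path) {
			continue
		}
		eff := Deny // default when no rule matches
		for _, rule := range gp.Rules {
			if matches(rule.Users, r.User) && matches(rule.Processes, r.Process) && matches(rule.Actions, r.Action) {
				eff = rule.Effect
				break
			}
		}
		pol.Log = append(pol.Log, AuditEvent{r, eff})
		return eff
	}
	return Passthrough // not governed, so not logged
}

// PrivilegedDenials counts denied attempts by the named privileged accounts,
// the figure a SIEM correlation rule for insider threat would alert on.
func (pol *Policy) PrivilegedDenials(privileged ...string) int {
	n := 0
	for _, e := range pol.Log {
		if e.Effect == Deny && matches(privileged, e.User) {
			n++
		}
	}
	return n
}

// DemoPolicy (constructed): the database engine sees plaintext, backup jobs may
// copy ciphertext, and everyone else, root included, is refused.
func DemoPolicy() *Policy {
	return &Policy{GuardPoints: []GuardPoint{{Path: "/data/db", Rules: []Rule{
		{Users: []string{"oracle"}, Processes: []string{"/u01/app/oracle/bin/oracle"}, Actions: []string{"*"}, Effect: Permit},
		{Users: []string{"root", "backup"}, Processes: []string{"/usr/bin/tar"}, Actions: []string{"read"}, Effect: PermitCiphertext},
		{Users: []string{"*"}, Processes: []string{"*"}, Actions: []string{"*"}, Effect: Deny},
	}}}}
}

func main() {
	pol := DemoPolicy()
	fmt.Println(pol.Evaluate(Request{"root", "/bin/cat", "/data/db/system01.dbf", "read"}))     // deny
	fmt.Println(pol.Evaluate(Request{"root", "/usr/bin/tar", "/data/db/system01.dbf", "read"})) // permit-ciphertext
	fmt.Println("privileged denials logged:", pol.PrivilegedDenials("root"))
}
```

The point to carry over to a real product is the shape of the rules, not this code: root is identified by user and by the binary it runs, so a backup job gets ciphertext while an interactive `cat` by the same account is refused, and every governed access is logged regardless of outcome so the SIEM sees the full picture rather than only the denials.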
Securing Data in IBM SCE using Vormetric
01 Launch the Vormetric DSM from the IBM Enterprise portal
02 DSM Management Console
03 Logged-in site
04 Domain management
05 Host management
06 Policy management on your agent host
07 Configure a GuardPoint
08 Apply a policy to the GuardPoint
Launch Vormetric DSM from IBM SmartCloud Enterprise
DSM Management Console
Logged In Site
Domain Management
Host Management
Policy Management
Policy Management – Cont’d
Configure Guard Points
Configure Guard Points – Apply Policy
Data-Centric Security Checklist for Cloud
If in the cloud, what are the SLAs? What are my expected responsibilities?
How will my data be encrypted?
Is my data on dedicated hardware? If not, how is data segregated?
Who has access or control over my data? How can I manage control/access?
When are audits conducted? How can I review results of audits?
Where is my data physically? Is the location physically secure?
Data-Centric Security Requirements
• Transparent: transparent to business process; transparent to apps / users; data-type neutral
• Strong: firewall your data; protect privileged user access; restrict users and apps
• Easy: easy to implement; easy to manage; easy to understand
• Efficient: minimal performance impact; performs in multiple environments; rational SLAs
Data-Centric Security for Protecting Data in the Cloud
Elements: strong access policies; encryption and key management; security intelligence; automation; multi-tenancy
1 Private or public
2 Your clouds, your keys
3 Firewall data: access, encryption, security intelligence
Cloud Security Download Whitepaper at
Vormetric.com/resources/white-papers
Thank You!
C.J. Radford, Vice President, Cloud @cjrad @vormetric #CloudSecurity
Saravanan Coimbatore, Director, Cloud Solutions