Australian CIO Summit 2012: Architecting a secure castle in the clouds by Dr Tim Redhead, Director,...
TRANSCRIPT
Architecting a secure castle in the clouds
Dr Tim Redhead
DotSec
Strong requirements
Clear understanding of risk
Some very good architecture
Security architecture
● Identity and Access Management
● Mobile and ubiquitous devices
● The cloud and as-a-service model
I think therefore... IAM!
● Identity and Access Management
● Great opportunities for IAM in your SecArch
● Rally to me!
● Kicking the devil's dog
IAM benefits
● Cost-effective
  ● e.g. Limited budget; fixed-price projects.
● Robust
  ● e.g. History of fault-tolerance and HA.
● Secure
  ● No option: Owners and providers want assurance.
● Claims based
  ● Flexible, extensible, aligned
We can leave the 20th century
[Diagram: three separate stacks, each with its own Client, Internet, Services, Database and Dir (numbered 1 to 3)]
Merge some directories
Aggregate some services
Infrastructural sec services
And then we can have nice things
[Diagram labels: Client (x3), Internet, Prov1, Prov2, Prov3, Prov4, Dir, IdP, Etc]
Fun with mobiles
● Rocks and hard places
● Opportunities for enhanced services
● Marty McFly still lives!
● Platforms and lava lamps
● The users are all primed to go
● I want a flashing one, with the lot!
Who's to know?
● Dr Gerry McCartney
● Stuxnet, Flame, Duqu and Zeus
● Bangs and whispers
Don't be sad
● RDRBA is your key
● Fight the battles you can win
● Thin out the threatscape
● Corral the zombies
● Two is better than one
Forecasting clouds
● Mostly fairly well understood components
● Risky relationships but not bad per se
● 20 people and 20 answers... sans wine
Dilbert ©2012, Universal Uclick
Our uses
Monoliths and memorials
● RDRBA will guide you
● Clouds, silver bullets and planning
● What will you get and what will you lose?
[Diagram: layers Client, Presentation, Logic, Data store, Network; vertical labels Virtualisation, Backup and DR, Security infrastructure]
Strong requirements
Clear understanding of risk
Some very good architecture