Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid


Upload: open-data-center-alliance

Post on 15-Jan-2015


Page 1: Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid

Security POC June 12, 2012

Matt Lowth

Principal Security Architect

Jeffrey Deacon

Chief Cloud Strategist

Albert Caballero

Chief Technology Officer


NAB and the ODCA

About Us

National Australia Bank Group (the Group) is a financial services organisation with over 12,000,000 customers and 50,000 people, operating more than 1,750 stores and Service Centres globally.

Currently developing our Internal Private Cloud Capability.

NAB and the ODCA

Part of the ODCA as a Steering Committee Member since 2010.

Chair of Security Workgroup and helped develop Security Usage Models.


Challenges and Role of Usage Models

Challenges

• Common understanding of security standards is a big hurdle to enterprise cloud adoption

• Very difficult to determine “what is secure”

Usage Models

• Usage models developed to overcome these issues

• Provider assurance

• Security monitoring

• Bronze/Silver/Gold/Platinum


ODCA Proof of Concept Process

PM = Project Management, SP = Solution Provider, SW = Software, WG = Work Group

REAL WORLD SOLUTIONS built on industry driven guidelines

• SP checklist submitted

• Members select SP

• Initiate kick-off meeting

• WG, steering comm. notified

• Generate/Agree on statement of work

• Determine PM method

• Generate test plan

• WG approval of test plan

• Acquire equipment, SW, and licensing

• Configure Test bed

• Execute test plan/document

• Reports

• WG feedback

• Demos

• Other

Phases: Pre-engagement Match Making → Project Planning → Project Execution → Project Closure


ODCA Security POC Usage Model

Security Provider Assurance

• 26 security requirements

• 8 test cases

Security Monitoring

• Requires proof of achieving requirements

• 2 success scenarios


Enterprise Cloud Services


Terremark Vision for Enterprise Cloud

Core Capabilities

• Purpose-Built Data Centers

• Secure and Isolate Customer Data

• Automated and Efficient

• Programmable with Application Services

Attributes

• Global

• Extensible

• Hybrid Capability

• Service Levels

• Simplicity of Use

• Predictability and Control

Investment

• Expansion

• Expertise and People

• New Solutions and Markets

Globally Delivered from World-Class Facilities


Virtual Farm with Intelligent Networking: The Building Block of Your Environment

The virtual farm creates the individual customer network construct and delivers a secure and resilient configuration to access and protect customer data.

Every virtual farm contains:

• Virtual Firewall

• Virtual Load Balancer

Carves out secure access to resources and creates customer VLAN

Directly provisioned from the portal

Two-tiered networking space:

• Trusted network accessible only to other CaaS servers

• DMZ network can be configured for Public IP-facing applications

Virtual Farm is key part of security story

[Diagram: Virtual Farm N, with Virtual Load Balancer, Virtual Firewall, DMZ Network (Public IP-Facing), Trusted Network, Storage, Server Resources]


ODCA Gold Provider Assurance Terremark Verizon Managed Cloud Cloud Subscriber Security Infrastructure

Servers shown in the diagram:

• CP Bastion 02 (Server OS: RH Linux; Role: Remote Access)

• CP Bastion 01 (Server OS: Windows 2003; Role: Remote Access)

• SecApp02 (Server OS: Windows 2003; Role: ODCA Gold Demos)

• SecApp01 (Server OS: Windows 2008; Role: Security Management)

• WebApp02 (Server OS: RH Linux; Role: Application Server)

• WebApp01 (Server OS: RH Linux; Role: Application Server)

• SecMgmt01 (Server OS: Windows 2003; Role: Directory Services)

• SecScanner01 (Server OS: Windows 2003; Role: Vulnerability Scanner)

• SecSIEM01 (Server OS: Windows 2008; Role: Log Management)

• SecPol01 (Server OS: Windows 2008; Role: Policy Management)

• SecDB01 (Server OS: Linux Red Hat 5.6; Role: Database Server)

Network elements shown in the diagram: Internet, Remote Sites, Remote Connections, CP Firewall 01, CP Firewall 02, ODCA Gold Firewall 01, ODCA Gold Firewall 02, CP Load Balancer, DMZ, Internal Network


Testing Methodology

1. Assess Provider Assurance Requirements

2. Identify Security Technologies and Provider Policies Needed to Support the Solution

3. Implement ODCA Solution:

• Trapezoid Interoperability Lab

• Terremark Managed VMware Cloud

• Applied Innovations HyperV Cloud

4. Security Monitoring


ODCA Gold Assurance: Challenges

Proof of Concept Steps

1. Multiple service providers

2. 8 test cases covering provider assurance requirements

3. Subscriber validation of requirements

4. Also designing a portal that provides a web interface to tools that have multiple views and reports for Platinum ODCA

Providers don’t perform many of the security requirements yet

Surfacing data from tools that aren’t truly multi-tenant

All security requirements need to be in place prior to the security monitoring reports


ODCA Gold Assurance: Results

Currently no service providers are meeting all of the requirements

Service Providers must work more closely with the cloud subscriber

Third party security providers can help facilitate the process by adding layers of security required by each assurance level


Impact of PoC

Elements of usage model well defined, however some controls difficult to assess and/or implement

Usage model developed with best intention

Further refinement of the usage model to come, to allow broader adoption of these tiered offerings, including distinction between managed/unmanaged service

Purpose of the PoC was to determine whether the standards we’d created were implementable


RFP / Adoption

Additional refresh of usage model to take into account results of the PoC

RFP requirements also refined as part of this process

Your Opportunity:

Learn from this POC to form your organizational strategy.

Demand secure and standard solutions based on ODCA requirements


Thank You


Resources

PRIORITIZE Learn the latest about ODCA requirements at www.opendatacenteralliance.org

Use ODCA PEAT Tool for Upcoming RFPs

Explore the Latest Solutions at ODCA's Cloud Expo Showcase Booth #411

Actively Participate in Today's Sessions

Scale your Knowledge with ODCA MEET

DELIVER

SHARE #Forecast12