© 2010 IBM Corporation. Cloudy with a chance of security: Information security in virtual environments. Johan Celis, Security Solutions Architect EMEA, IBM.

Slide 2: Virtualization – First Step in the Journey to Cloud Computing

Cloud Computing:
- Integrated service lifecycle management
- Expose resources "as-a-Service"
- Integrated security infrastructure
- Rapid provisioning of IT resources, massive scaling
- Dynamic service management
- Energy saving via automatic workload distribution
- Rapid deployment of infrastructure and applications
- Request-driven service management
- Service catalog

Virtualization:
- Better hardware utilization
- Improved IT agility
- Server consolidation
- Streamlined operations – manage physical and virtual systems
- Lower power consumption

Slide 3: Top Threats to Cloud Computing
- Abuse and nefarious use of cloud computing
- Insecure interfaces and APIs
- Malicious insiders
- Shared technology issues
- Data loss or leakage
- Account or service hijacking
- Unknown risk profile

Slide 4: Layers of a typical Cloud Service

Cloud Platform (bottom to top):
- Physical System and Environment
- System Resources: Network, Server, Storage
- Virtualized Resources: Virtual Network, Server, Storage
- Operational Support Services: Infrastructure Provisioning; Instance, Image, Resource / Asset Mgmt
- Business Support Services: Offering Mgmt, Customer Mgmt, Ordering Mgmt, Billing

Cloud Delivered Services:
- Infrastructure as a Service (IaaS): virtualized servers, storage, networking
- Platform as a Service (PaaS): optimized middleware – application servers, database servers, portal servers
- Application as a Service (SaaS): application software licensed for use as a service, provided to customers on demand

Slide 5: Cloud Security

The layer diagram of slide 4 (Cloud Platform and Cloud Delivered Services), annotated with the security capabilities each layer needs:
- Secure integration with existing enterprise security infrastructure
- Federated identity / identity as a service
- Authorization, entitlements
- Log, audit and compliance reporting
- Intrusion prevention
- Process isolation, data segregation
- Control of privileged user access
- Provisioning with security and location constraints
- Image provenance, image and VM integrity
- Multi-tenant security services (identity, compliance reporting, etc.)
- Multi-tenant intrusion prevention
- Consistency top-to-bottom

Slide 6: Cloud Security = SOA Security + Virtualization Security

The layer diagram of slide 4 again, labelled with the two constituents of cloud security: Service Oriented Architecture (SOA) Security and Virtualization Security.

Slide 7: Hypervisor Security Challenges – New Complexities

Before virtualization:
- 1:1 ratio of OSs and applications per server

After virtualization:
- 1:many ratio of OSs and applications per server
- An additional layer (the hypervisor) to manage and secure

Slide 8: Hypervisor Security Challenges – New Risks

Management vulnerabilities:
- Secure storage of VMs and the management data

Stealth rootkits in hardware now possible:
- Virtual NICs and virtual hardware are targets

Virtual sprawl:
- Dynamic VM state and relocation
- VM stealing

Resource sharing:
- Single point of failure
- Reduced visibility and control

Slide 9: Security Challenges – OS and Application Vulnerabilities

- Traditional threats remain as long as VMs communicate with the network, virtual or physical:
  - Worms
  - Rootkits
  - Trojans
  - DoS
  - SQL injection
  - Cross-site scripting
- Virtual machine state changes (online, offline, snapshots) and cloning can invalidate patching processes: a powered-off VM is never scanned, a snapshot revert silently undoes patches, and a clone inherits whatever its template lacked.

OS and application vulnerabilities and exposures do not change in the virtual world!
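The second bullet is the one most teams get wrong, so here is an added example (not from the deck, and not IBM code) of the check a patch process needs once VMs can be powered off, snapshotted and cloned. It runs over a constructed inventory in the shape a vCenter-style export might have; the patch baseline date and all VM records are assumed for the example.

```python
from datetime import date

# Constructed sample inventory (not from the deck): one record per VM.
#   last_patched: date the guest OS was last patched (None = never)
#   snapshots:    creation dates of snapshots an admin could revert to
#   template:     True if the VM is a cloning source
INVENTORY = [
    {"name": "web01", "state": "poweredOn", "last_patched": date(2010, 9, 14),
     "snapshots": [], "template": False},
    {"name": "web02", "state": "poweredOn", "last_patched": date(2010, 9, 14),
     "snapshots": [date(2010, 6, 2)], "template": False},
    {"name": "db01", "state": "poweredOff", "last_patched": date(2010, 5, 20),
     "snapshots": [], "template": False},
    {"name": "gold-rhel5", "state": "poweredOff", "last_patched": date(2010, 4, 1),
     "snapshots": [], "template": True},
    {"name": "app03", "state": "poweredOn", "last_patched": None,
     "snapshots": [date(2010, 9, 20)], "template": False},
]

# Release date of the patch baseline currently in force (assumed for the example).
BASELINE = date(2010, 9, 10)


def assess(vm, baseline=BASELINE):
    """Return the reasons this VM can fall outside a scan-and-patch process."""
    findings = []
    last = vm["last_patched"]
    if last is None or last < baseline:
        if vm["template"]:
            findings.append("template behind baseline: every clone is born unpatched")
        elif vm["state"] != "poweredOn":
            # Agent-based scanners never see powered-off guests.
            findings.append("powered-off VM behind baseline: will boot unpatched")
        else:
            findings.append("running VM behind baseline")
    # Snapshots taken before the baseline are a time machine back to the
    # unpatched state; a revert does not show up as a patch failure anywhere.
    stale = [s for s in vm["snapshots"] if s < baseline]
    if stale:
        findings.append("%d snapshot(s) predate baseline: a revert silently undoes patches"
                        % len(stale))
    return findings


def report(inventory=INVENTORY, baseline=BASELINE):
    """Map VM name -> findings, for VMs that have any."""
    out = {}
    for vm in inventory:
        found = assess(vm, baseline)
        if found:
            out[vm["name"]] = found
    return out


if __name__ == "__main__":
    for name, found in report().items():
        print(name)
        for f in found:
            print("  -", f)
```

Only web01 comes out clean: web02 is patched but carries a pre-baseline snapshot, db01 and the gold template are off and behind, and app03 has never been patched at all. A scanner that only talks to running guests would have reported three of the five as compliant.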

Slide 10: Security Challenges – Security and Network Convergence

Slide 11: Security Challenges – Compliance

Best practices for security compliance in a virtualized environment (*Source: RSA Security Brief: Security Compliance in a Virtual World):
- Configuration and change management processes should be extended to encompass the virtual infrastructure
- Maintain separate administrative access control even though server, network and security infrastructure is now consolidated on the same platform
- Provide virtual machine and virtual network security segmentation
- Maintain audit logging for the virtual infrastructure

Slide 12: Traditional Security Solutions May Add Cost and Complexity

Network IPS
  Seems secure: Only blocks threats and attacks at the perimeter
  Not secure enough: Should protect against threats at the perimeter and between VMs

Server Protection
  Seems secure: Secures each physical server with protection and reporting for a single agent
  Not secure enough: Securing each VM as if it were a physical server adds time and cost

System Patching
  Seems secure: Patches critical vulnerabilities on individual servers and networks
  Not secure enough: Needs to track, patch and control VM sprawl

Security Policies
  Seems secure: Policies are specific to critical applications in each network segment and server
  Not secure enough: Policies must be more encompassing (Web, data, OS coverage, databases) and be able to move with the VMs
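Two rows of that table, "protect between VMs" and "policies must move with the VMs", together with the segmentation item on slide 11, are easiest to see in code. The following is an added example, not from the deck and not any vendor's product: a toy policy engine that keys rules on workload identity (tags carried by the VM object) next to the equivalent subnet-keyed ACL a perimeter device would hold, then simulates a VMotion and a re-addressing move. The VM inventory, tags, subnets and rules are all assumed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed inventory (not from the deck): identity is carried as tags on
# the VM object, independent of the VM's current IP or host.
VMS = {
    "web01": {"ip": "10.1.10.11", "host": "esx01", "tags": {"tier:web"}},
    "app01": {"ip": "10.1.20.21", "host": "esx01", "tags": {"tier:app"}},
    "db01":  {"ip": "10.1.30.31", "host": "esx02", "tags": {"tier:db", "data:pci"}},
}

# Identity-keyed policy (assumed): (src tag, dst tag, dst port); default deny.
IDENTITY_RULES = [
    ("tier:web", "tier:app", 8080),
    ("tier:app", "tier:db", 3306),
]

# The equivalent location-keyed ACL: (src subnet, dst subnet, dst port).
SEGMENT_RULES = [
    (ip_network("10.1.10.0/24"), ip_network("10.1.20.0/24"), 8080),
    (ip_network("10.1.20.0/24"), ip_network("10.1.30.0/24"), 3306),
]


def identity_allows(vms, src, dst, port):
    """Decision keyed on what the VMs are, so it survives relocation."""
    s_tags, d_tags = vms[src]["tags"], vms[dst]["tags"]
    return any(st in s_tags and dt in d_tags and p == port
               for st, dt, p in IDENTITY_RULES)


def segment_allows(vms, src, dst, port):
    """Decision keyed on where the VMs currently sit on the network."""
    sip, dip = ip_address(vms[src]["ip"]), ip_address(vms[dst]["ip"])
    return any(sip in sn and dip in dn and p == port
               for sn, dn, p in SEGMENT_RULES)


def seen_by_physical_ips(vms, src, dst):
    """Traffic between two VMs on the same host never leaves the vSwitch,
    so an IPS on the physical uplink cannot inspect it."""
    return vms[src]["host"] != vms[dst]["host"]


def migrate(vms, name, host, ip=None):
    """Simulate VMotion (host changes) or a re-addressing move (IP changes).
    The tags, and therefore the identity policy, travel with the VM."""
    new = {k: dict(v, tags=set(v["tags"])) for k, v in vms.items()}
    new[name]["host"] = host
    if ip is not None:
        new[name]["ip"] = ip
    return new


def evaluate(vms, flows):
    """Map each (src, dst, port) flow to (identity verdict, segment verdict)."""
    return {f: (identity_allows(vms, *f), segment_allows(vms, *f)) for f in flows}


if __name__ == "__main__":
    flows = [("web01", "app01", 8080), ("app01", "db01", 3306), ("web01", "db01", 3306)]
    print("before any move:", evaluate(VMS, flows))
    moved = migrate(VMS, "web01", "esx02", ip="10.1.20.50")
    print("web01 re-addressed into the app subnet:", evaluate(moved, flows))
    vmotioned = migrate(VMS, "db01", "esx01")
    print("after VMotion of db01 next to app01, physical IPS sees app01->db01:",
          seen_by_physical_ips(vmotioned, "app01", "db01"))
```

Moving web01 into the application subnet makes the subnet ACL both fail open (it now permits web01 to reach the PCI database on 3306) and fail closed (it drops the legitimate web-to-app flow), while the tag-keyed rules give the same answers as before. VMotion is the other half of the story: once db01 lands on the same host as app01, the physical IPS sees none of their traffic, which is why the deck argues for inspection between VMs rather than only at the perimeter.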

Slide 13: IBM Virtualization Security Solutions

Existing solutions certified for protection of virtual workloads:
- IBM Security Server IPS
- IBM Security Network IPS
- IBM Security Network Mail Security
- IBM Security Network MFS

Threat protection delivered in a virtual form-factor:
- IBM Security Virtualized Network Security
- IBM Security Network Mail Security

Integrated, virtual-environment-aware threat protection:
- IBM Security Virtual Server Protection for VMware

Slide 14: What is the VMsafe API?

Diagram: a Security VM (SVM) attached through the VMsafe API to three introspection points of the guest VMs:
- CPU and memory inspection
- Networking
- Storage

Slide 15: IBM Security Virtual Server Protection for VMware

Integrated threat protection for VMware vSphere 4:
- VMsafe integration
- Firewall and intrusion prevention
- Rootkit detection/prevention
- Inter-VM traffic analysis
- Automated protection for mobile VMs (VMotion)
- Virtual network segment protection
- Virtual network-level protection
- Virtual infrastructure auditing (privileged user)
- Virtual network access control

Slide 16: IBM Security Virtual Server Protection for VMware – Intrusion Prevention System (IPS)
- Vulnerability-centric, protocol-aware analysis and protection
- Abstraction from the underlying network configuration
- Automated protection for new VMs
- Network-level workload segmentation
- Privileged-level protection of OS kernel structures

Slide 17: IBM Security Virtual Server Protection for VMware – IPS Protocol Analysis Module (PAM)
- Performs deep packet inspection
- Performs deep protocol and content analysis
- Detects protocol and content anomalies
- Simulates the protocol/content stacks of vulnerable systems
- Normalizes at each protocol and content layer

Provides the ability to add new security functionality within the existing solution.

Slide 18: Protocol Analysis Module – Virtual Patch® Technology
- Shields a vulnerability from exploitation independently of a software patch
- Enables a responsible patch management process that can be adhered to without fear of a breach
- IBM is a MAPP (Microsoft Active Protections Program) partner
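Slides 17 and 18 make two claims that are worth seeing side by side: normalizing each protocol layer before matching, and matching on the vulnerable condition rather than on one exploit string. The following added example (not the deck's code and not IBM's PAM, which is closed source) shows both with a minimal HTTP request parser. It assumes a hypothetical CGI at /cgi-bin/lookup that copies the decoded "id" parameter into a 64-byte buffer; the script, the buffer size and all sample requests are constructed for the example and do not refer to any real CVE.

```python
import posixpath
from urllib.parse import unquote

# Assumed for the example (hypothetical, not a real product or CVE): the CGI at
# /cgi-bin/lookup copies the decoded "id" query parameter into a 64-byte buffer.
MAX_ID_LEN = 64

# Exploit-centric signature: the one attack string already seen in the wild.
EXPLOIT_SIGNATURE = b"GET /cgi-bin/lookup?id=" + b"A" * 65


def parse_request_line(raw: bytes):
    """Return (method, path, query) from the first line of an HTTP request, or None."""
    first = raw.split(b"\r\n", 1)[0]
    parts = first.split(b" ")
    if len(parts) != 3:
        return None
    method, target, _version = parts
    path, _, query = target.partition(b"?")
    return method, path, query


def decode(component: bytes) -> str:
    # Decode percent-encoding twice, mimicking a target that double-decodes.
    # A protocol analysis engine has to decode the way the vulnerable stack
    # does, otherwise %2541 (-> %41 -> A) slips past it.
    return unquote(unquote(component.decode("latin-1")))


def normalize_path(path: bytes) -> str:
    """Canonical form: decoded, '.'/'..' segments collapsed, case folded."""
    return posixpath.normpath(decode(path)).lower()


def parse_query(query: bytes) -> dict:
    params = {}
    for pair in query.split(b"&"):
        if pair:
            k, _, v = pair.partition(b"=")
            params[decode(k)] = decode(v)
    return params


def signature_match(raw: bytes) -> bool:
    """Exploit-centric: byte match against the raw request."""
    return EXPLOIT_SIGNATURE in raw


def vulnerability_match(raw: bytes) -> bool:
    """Vulnerability-centric: normalize first, then test the condition that
    actually triggers the bug (decoded id longer than the buffer)."""
    parsed = parse_request_line(raw)
    if parsed is None:
        return False
    _method, path, query = parsed
    if normalize_path(path) != "/cgi-bin/lookup":
        return False
    return len(parse_query(query).get("id", "")) > MAX_ID_LEN


def http(target: bytes) -> bytes:
    """Build a constructed sample request for the examples below."""
    return b"GET " + target + b" HTTP/1.1\r\nHost: intranet\r\n\r\n"


# Constructed sample traffic (not captured from any system).
SAMPLES = {
    "known_exploit":   http(b"/cgi-bin/lookup?id=" + b"A" * 65),
    "encoded_evasion": http(b"/cgi%2Dbin/./LOOKUP?id=" + b"%41" * 65),
    "double_encoded":  http(b"/cgi-bin/lookup?id=" + b"%2541" * 65),
    "new_variant":     http(b"/cgi-bin/lookup?id=" + b"B" * 200 + b"&x=1"),
    "benign":          http(b"/cgi-bin/lookup?id=12345"),
}


def classify(samples=SAMPLES):
    """Return {name: (signature verdict, vulnerability verdict)}."""
    return {n: (signature_match(r), vulnerability_match(r)) for n, r in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify().items():
        print("%-16s signature=%-5s vulnerability=%s" % (name, verdict[0], verdict[1]))
```

The exploit signature catches exactly the request it was written from and nothing else; every encoding trick, path-traversal dodge and new payload sails past it. The vulnerability rule, because it reproduces the target's own decoding before applying the one condition that matters, blocks all four hostile variants and leaves the benign request alone, which is what "virtual patch" means in practice: the rule is derived from the bug, not from the exploit.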

Slide 19: Why IBM?

IBM leads the industry in breadth and depth of security expertise with:
- 7,000,000,000+ security events managed daily
- 48,000+ vulnerabilities tracked in the IBM X-Force® research and development database
- 15,000 researchers, developers and subject matter experts on security initiatives
- 4,000+ customers managed in security operations centers around the world
- 3,000+ security and risk management patents
- 40+ years of proven success with security and virtualization on IBM Systems

Slide 20: Thank you!

For more information, please visit:
Johan Celis –