Cyber in the Cloud & Network: Enabling Offense and Defense. Mark Odell, April 28, 2015.

Presentation transcript:

Agenda
- Security - need for change
- What is different
- Challenges
- Typical use cases
- What if…
- Emerging capabilities

Future of Computing Security
- Predictable? Not really, but opportunity rich!
- Present situational awareness
- Cloud, multiple instances with different control and governance models
- Nearly ubiquitous connectivity
- Smart phones and wearable devices
- Automobiles that are online, potentially participating in a mobile office experience

In the Clouded World
- Computing essentially happens everywhere
- The enterprise has no physical or concrete boundary
- Different devices participate in the enterprise and user experience
- Devices may participate in multiple enterprises
- Distributed Enterprise is the Norm

Cloud → Change in IT Security
- Traditional IT Paradigms under stress
- Not only about the device, network protection and prevention, or ‘defense in depth’ strategies
- Our data is everywhere, multi-jurisdictional
- How to maintain mission resiliency with better IT?
- Enable both offense and defense
- Cloud technology ‘abstracts’ reality – interferes with traditional boundary & containment approaches
- Virtualized network, storage, machines, resources
- Provides accelerated dynamic response to needs
- Is flexibility an advantage? It depends….

Tough Problems
[Diagram labels: Servers; End Devices; Multi-Cloud; Protected Data; Multi-Provider]
- Multi-dimensional platform integrity (compute, storage, network)
- Deployable ‘STIG-ability’ in the virtual world
- Dynamic patch management & operations
- Software defined network
- Volume management & content protection
- How to protect sensitive information?
  - No matter where the data is
  - Or what is processing
- Application authenticity
  - Is the application compromised?
  - Is this the right application?

Current Situation – Typical Use Cases
- We care about financial transactions, medical records, legal documents, detecting fraud, IDAM authenticity, etc.
- Content confidentiality, assurance, non-repudiation, transactional pedigree, separation of concerns and duties
- Conventional host based security models
- Determine identity within trusted governed domain or application
- Explicit rights in localized context
- Persona: identity has context, rights defined within domain, different in another domain, rarely identity transferable with assurance (gov’t PKI bridge, cert attributes)
- E.g. maintaining logon IDs to web sites
- Host is responsible for identity controlled access
- Applicable to well controlled contiguous environments
- Controlled host and network environments are no longer the norm with cloud, ubiquitous networks, global business

What if We Had…
- Offline revocation of credentials
- Data that knows where it has been
- Conditional processing data (including multi-factor)
- Offline content protection that
  - Works anywhere
  - Host independent
- Next generation electronic signatures
- Smart signed applications & content
  - More than installation license integrity
  - Run-time integrity

What Should we Anticipate?
- Application trust for multi-jurisdictional transactions and content manipulation
- Next Gen Certificates mean more than authenticity
- Implied credentials, membership associations
- Multi-domain rights adjudication
- Message payload, context, and forgery resistance
- Transactional sequencing integrity and assurance
- Content protection beyond transport and rest
- Transport ‘man-in-the-middle’ assumes an intercept
- Endpoint & identity forgery (malware)
- Content hostage
- Should an application (or machine) know where it is running to determine trust of the surroundings?
- Does an application need to travel with its own mini-trusted OS for integrity?

Emerging Capabilities
- Application resiliency
- Cloud based forensics
- Legacy application migration
  - Transformation not re-hosting
- Achieving appropriate continuous security posture
- Upgrades and enhanced software defined infrastructures (network, compute, and storage)
- Offense and Defense on agile platforms and environments
- Maintaining configuration and control over a changing environment and knowing what change is correct - all the time

Emerging Capabilities (cont’d)
- Dynamic Operations, Infrastructures, and Participants
- Sensitive data sharing across coalition, assured delivery – on a hostile commercial platform
- Commercial examples
  - Healthcare medical records
  - Financial transactions
  - Content, rights management & IDAM
- Joint and dynamic coalition partners – smarter data tagging
- Data is the new platform

Questions?