Cloud Security Solutions: Customer Use Case Scenarios (SafeNet, March 2011)


Slides 1 to 3 (title slides): Cloud Security Solutions, Customer Use Case Scenarios, March 2011. © SafeNet Confidential and Proprietary.

Slide 4: Cloud Security Challenges
 Fundamental trust and liability issues
  Data exposure in multi-tenant environments
  Separation of duties from cloud provider insiders
  Transfer of liability by cloud providers to data owners
 Fundamental new cloud risks
  New hypervisor technologies and architectures
  Redefine trust and attestation in cloud environments
 Regulatory uncertainty in the cloud
  Regulations are likely to require strong controls in the cloud
Risk areas as laid out on the slide:
  User ID and access: secure authentication, authorization, logging
  Data co-mingling: multi-tenant data mixing, leakage, ownership
  Application vulnerabilities: exposed vulnerabilities and response
  Insecure application APIs: application injection and tampering
  Data leakage: isolating data
  Platform vulnerabilities: exposed vulnerabilities and response
  Insecure platform APIs: instance manipulation and tampering
  Data location/residency: geographic regulatory requirements
  Hypervisor vulnerabilities: virtualization vulnerabilities
  Data retention: secure deletion of data
  Application and service hijacking: malicious application usage
  Privileged users: super-user abuse
  Service outage: availability
  Malicious insider: reconnaissance, manipulation, tampering
  Logging and forensics: incident response, liability limitation
  Perimeter/network security: secure isolation and access
  Physical security: direct tampering and theft

Slide 5: Emergence of Encryption as the Unifying Cloud Security Control
 Encryption is a fundamental technology for realizing cloud security
  Isolates data in multi-tenant environments
  Recognized universally by analysts and experts as the underlying control for cloud data
  Sets a high-water mark for demonstrating regulatory compliance for data
 Moves from a data-center tactic to a strategic cloud solution
  In the data center, physical controls, trust in operating processes, and physical isolation reduced the need for encryption
  Those mitigating trust factors do not exist in the cloud

Slide 6: Controlling Access to SaaS and Cloud Applications. Keeping data secure when you do not own the system.
PROBLEM
 Enforcing an authentication strategy in the cloud
  Multi-factor authentication is required for any application, cloud or physical
  Likely even more critical for cloud-based applications: a lower level of trust, and additional regulatory requirements invoked
 Authentication sprawl
  Separate authentication systems for each cloud provider
  Operationally unscalable
  Typical user password/authentication fatigue and weak passwords
 Preserving flexibility
  Likely to use multiple cloud providers simultaneously
  Desire for rapid re-provisioning to try new services
  Preserve options in a chaotic cloud market: the cloud market will consolidate, not if but when
KEY POINTS: single sign-on access; federated identities; seamless integration; rapid provisioning

Slide 7: Secure Access to SaaS: SafeNet Multi-Factor Authentication. Protect access to cloud-based applications via centrally managed authentication.
SOLUTION
 Security features
  Single authentication solution for both on-premise and cloud-based applications
  Federate identities from the on-premise solution to cloud-based solutions using the SAML 2.0 protocol
  Solution is form-factor agnostic: support for hardware OTP tokens, software tokens, and out-of-band authentication
  Google Apps and Salesforce.com are supported out of the box
Diagram: the user authenticates with an enterprise identity to SafeNet Authentication Manager (SAM), which provides federated SSO to cloud/SaaS applications (Salesforce.com, Google Apps).

Slide 8: Securing Uncontrolled Virtual Instances. Achieving compliant isolation and separation of duties in multi-tenant environments.
PROBLEM
 Unlimited copying of instances
  Instances can be copied without the owner's awareness
  No visibility into instance location, no audit trail
  Instances used by competitors and malicious users
  Enables unlimited brute-force attacks: the attacker returns to the original copy for the next round of password guessing, so any lockout counter kept inside the image never accumulates
 Unsecured container of confidential data
  Identical to a lost or stolen laptop, except the instance is often a server
  The virtual nature of the instance makes the potential attack surface much larger
  Not just a single entity lost, but a potentially unlimited number
KEY POINTS: data isolation; separation of duties; cloud compliance; pre-launch authentication; multi-tenant protection

Slide 9: Secure Virtual Machines: SafeNet ProtectV Instance. Control virtual machines in the cloud with secure instance encryption and authentication.
SOLUTION
 Security features
  FIPS-level pre-launch instance encryption
  Secure login interface (HTTPS)
  Password, one-time-password, and certificate-based authentication options
  Event logging and activation notification
 SafeNet DataSecure (supplemental security option): manages encrypted instances
  Lifecycle key management
  Security policy enforcement
  Access control
Diagram labels: On-premise; Virtual Machines; Hypervisor; Virtual Server; ProtectV Instance.

Slide 10: Maintain Trust and Control in Virtual Storage Volumes. Loss of ownership in shared storage environments.
PROBLEM
 Data leakage
  Requires trust in the cloud provider's meta-tagging or data-isolation strategy
  Risks from misconfiguration and from cloud administrators
  Regulatory evidence of privacy and integrity controls is required
 Trust and control issues
  If the cloud provider offers encryption: proper key handling; NIST key-lifecycle compliance (strength, uniqueness, rotation, etc.); NIST-approved algorithms
  Administration trust
KEY POINTS: separation of duties; data isolation; cloud compliance; multi-tenant protection

Slide 11: Secure Virtual Storage: SafeNet ProtectV Volume. Maintain data privacy in shared storage environments with encrypted data isolation.
SOLUTION
 Security features
  Multiple cloud storage options: ProtectV Volume for storage servers; NetApp storage support; ProtectFile customer-based encryption
  FIPS 140-2 Level 2 security-certified solution
  Centralized policy and NIST 800-57 key lifecycle management
 SafeNet DataSecure (supplemental security option): manages encrypted instances
  Lifecycle key management
  Security policy enforcement
  Access control
Diagram labels: On-premise; Data; Virtual Server; ProtectV Volume; Storage.
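Slides 10 and 11 list what a key-management layer has to deliver for encrypted volumes (per-volume key uniqueness, rotation, a lifecycle with retirement, and keys that stay with the customer rather than the provider) without showing the mechanism. The Go program below is an added example written for this page; it is not SafeNet code and does not describe how ProtectV or DataSecure work internally. It implements envelope encryption with AES-256-GCM from the standard library: every volume gets its own data-encryption key (DEK); the DEK is wrapped under a versioned key-encryption key (KEK) that exists only inside a KeyManager type standing in for the customer-side key manager; the volume ID is bound as associated data so a wrapped DEK cannot be transplanted onto another volume record; KEK rotation rewraps the 32-byte DEK without touching the bulk ciphertext; and retiring a KEK version crypto-shreds anything still wrapped under it, which is the only form of the "secure deletion" on slide 4 a customer can verify without trusting the provider's disks. The type and function names, the volume IDs and the sample contents are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // no OS entropy or a wrong key length is unrecoverable: fail closed
	}
	return v
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b)) // never fall back to a weak nonce or key
	return b
}

func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// seal is AES-256-GCM with a fresh nonce and aad bound; output is nonce||ct||tag.
func seal(key, pt, aad []byte) []byte {
	gcm := aead(key)
	nonce := mustRandom(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, pt, aad)
}

// open reverses seal; a modified blob or a different aad fails the tag check.
func open(key, blob, aad []byte) ([]byte, error) {
	gcm := aead(key)
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// Volume is what the provider stores: ciphertext plus the DEK wrapped under a KEK.
type Volume struct {
	ID               string
	KEKVersion       int
	WrappedDEK, Data []byte
}

// KeyManager stands in for the customer-side key manager (an assumption of this
// example, not the vendor product); KEK versions are indexes, retired ones are nil.
type KeyManager struct{ keks [][]byte }

func (km *KeyManager) RotateKEK() int {
	km.keks = append(km.keks, mustRandom(32)) // new 256-bit KEK becomes current
	return len(km.keks) - 1
}

// CreateVolume gives the volume its own DEK and wraps it with the volume ID as
// AAD, so a wrapped DEK cannot be transplanted onto another volume record.
func (km *KeyManager) CreateVolume(id string, plaintext []byte) *Volume {
	dek, cur := mustRandom(32), len(km.keks)-1
	return &Volume{ID: id, KEKVersion: cur,
		WrappedDEK: seal(km.keks[cur], dek, []byte(id)),
		Data:       seal(dek, plaintext, []byte(id))}
}

func (km *KeyManager) unwrap(v *Volume) ([]byte, error) {
	if v.KEKVersion < 0 || v.KEKVersion >= len(km.keks) || km.keks[v.KEKVersion] == nil {
		return nil, fmt.Errorf("%s: KEK v%d unknown or retired, contents unrecoverable", v.ID, v.KEKVersion)
	}
	return open(km.keks[v.KEKVersion], v.WrappedDEK, []byte(v.ID))
}

func (km *KeyManager) ReadVolume(v *Volume) ([]byte, error) {
	dek, err := km.unwrap(v)
	if err != nil {
		return nil, err
	}
	return open(dek, v.Data, []byte(v.ID))
}

// Rewrap re-encrypts only the 32-byte DEK under the current KEK; the bulk
// ciphertext is untouched, so rotation costs O(volumes), not O(bytes stored).
func (km *KeyManager) Rewrap(v *Volume) error {
	dek, err := km.unwrap(v)
	if err != nil {
		return err
	}
	v.WrappedDEK, v.KEKVersion = seal(km.keks[len(km.keks)-1], dek, []byte(v.ID)), len(km.keks)-1
	return nil
}

// RetireKEK destroys a KEK; volumes still wrapped under it are crypto-shredded.
func (km *KeyManager) RetireKEK(version int) { km.keks[version] = nil }

func main() {
	km := &KeyManager{}
	km.RotateKEK()
	fmt.Println(km.ReadVolume(km.CreateVolume("vol-finance", []byte("constructed sample"))))
}
```

Build with Go 1.18 or later (the generic must helper). Panicking when the OS gives no entropy is deliberate: the entropy problem raised on slide 14 is precisely the case where continuing with a bad nonce or key is worse than stopping. In a real deployment the KEKs would sit in an HSM or key manager and the audit log of rotate, rewrap and retire events would be the evidence auditors ask for on slide 12.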

Slide 12: Secure Cloud Applications Without Impacting Performance. Maintain a root of trust in multi-tenant cloud applications.
PROBLEM
 A matter of trust
  Trust is transferred to the cloud provider
  Lack of transparency in cloud security; a SAS 70 report is not useful for this
 Risk and liability
  The cloud provider never accepts risk; this is written into customer agreements
  How do you assess risk? There is no established framework for assessing it
 Regulatory uncertainty
  No regulation addresses the cloud directly
  Auditors look for demonstrable security controls and apply a higher standard
KEY POINTS: maintain ownership of keys; virtually no performance degradation; achieves cloud efficiency gains; centralized control and management; transparent application integration

Slide 13: Secure Cloud Applications: SafeNet DataSecure and ProtectApp. Enforce data protection in multi-tenant cloud-deployed applications.
SOLUTION
 Security features
  Multiple data-protection options: ProtectApp for cloud application-level encryption; ProtectDB for cloud database encryption; Tokenization Manager for cloud data tokenization
  FIPS 140-2 security-certified solution
  Secure policy enforcement and NIST 800-57 key lifecycle management
Diagram labels: On-premise; Application (ProtectApp); Database (ProtectDB); DataSecure; local crypto and key caching; Tokenization.
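Slide 13 (and item 4 on slide 18) offers tokenization as the way to take cloud application data out of PCI audit scope, but does not say what a token is or why it reduces scope. The Go program below is an added example written for this page, not SafeNet's Tokenization Manager: a vault-based scheme in which the application stores and indexes only tokens, while the PAN-to-token mapping lives in a Vault type that stands in for the PCI-scoped service. Tokens keep the PAN's length and last four digits so receipts and customer lookups keep working, are drawn from crypto/rand, and are rejected if they would pass the Luhn check, so a leaked token can never be mistaken for, or replayed as, a real card number. The names, the in-memory maps, and the constructed input (the standard Visa test number 4111 1111 1111 1111) are assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// luhnValid reports whether s (digits only) passes the Luhn check that PANs satisfy.
func luhnValid(s string) bool {
	sum, double := 0, false
	for i := len(s) - 1; i >= 0; i-- {
		d := int(s[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

func allDigits(s string) bool {
	for _, c := range s {
		if c < '0' || c > '9' {
			return false
		}
	}
	return true
}

// Vault is the only place where a PAN and its token meet. It lives in the
// PCI-scoped segment; the cloud application stores and indexes tokens only.
type Vault struct {
	toPAN   map[string]string
	toToken map[string]string
}

func NewVault() *Vault {
	return &Vault{toPAN: map[string]string{}, toToken: map[string]string{}}
}

// Tokenize returns a random token with the PAN's length and last four digits
// (receipts and lookups keep working) that deliberately fails the Luhn check,
// so a leaked token can never be confused with or replayed as a card number.
// The same PAN always maps to the same token.
func (v *Vault) Tokenize(pan string) (string, error) {
	if len(pan) < 13 || len(pan) > 19 || !allDigits(pan) || !luhnValid(pan) {
		return "", errors.New("not a well-formed PAN")
	}
	if t, ok := v.toToken[pan]; ok {
		return t, nil
	}
	for {
		var sb strings.Builder
		for i := 0; i < len(pan)-4; i++ {
			n, err := rand.Int(rand.Reader, big.NewInt(10)) // CSPRNG, never math/rand
			if err != nil {
				return "", err // no entropy: refuse rather than emit guessable tokens
			}
			sb.WriteByte(byte('0' + n.Int64()))
		}
		t := sb.String() + pan[len(pan)-4:]
		if _, taken := v.toPAN[t]; taken || luhnValid(t) {
			continue // already issued, or would pass as a real card number
		}
		v.toPAN[t], v.toToken[pan] = pan, t
		return t, nil
	}
}

// Detokenize is the privileged reverse lookup; only the payment path may call it.
func (v *Vault) Detokenize(token string) (string, bool) {
	pan, ok := v.toPAN[token]
	return pan, ok
}

func main() {
	v := NewVault()
	fmt.Println(v.Tokenize("4111111111111111")) // constructed input: the standard Visa test PAN
}
```

The scope reduction comes from the direction of the mapping: systems that only ever hold tokens and never call Detokenize hold nothing a PCI assessor treats as cardholder data, so only the vault and the payment path that calls it stay in scope.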

Slide 14: Loss of Digital Ownership and Control. Secure digital signing and PKI in the cloud.
PROBLEM
 Proving you are you
  Where is the root of trust for digital signing and PKI when everything is virtual?
  The challenge of attesting to ownership in a virtual world; a current focus of virtualization research
 Maintaining keys in clouds
  When your cloud provider handles keys: appropriate key material; proper lifecycle and policy handling; privileged-user abuse
 The cryptography and entropy problem
  Difficult to get true randomness in a highly replicated and automated cloud
  Flaws in cryptographic functions have huge consequences: the September 2010 .NET encrypted-cookie flaw (the ASP.NET padding-oracle vulnerability) was reported to affect 25% of Internet servers
KEY POINTS: broad cloud-based platform integration; application and data separation; high-performing virtual transactions

Slide 15: Secure Cloud-Based Identities and Transactions: SafeNet Hardware Security Options. Establish digital ownership and a root of trust in virtual environments.
SOLUTION
 Security features
  Anchored root of trust for digital identities and transactions
  FIPS 140-2 Level 2 security-certified solution
  Multi-host partitioning, 20 to 100 partitions per HSM
  Virtual platform support (Xen, Hyper-V, ESXi)
  Third-party partner application support, and integration guides for virtual platforms
KEY POINTS: broad cloud-based platform integration; application and data separation; high-performing virtual transactions
Diagram labels: Private; Public; Hybrid; On-premise Hardware Security Module.

Slide 16: Large Sensitive Data Transfers. Sending sensitive data in cloud bursting and storage.
PROBLEM
 High-capacity, highly sensitive data
  Transferring very sensitive data across trust boundaries, data center to private cloud
  Entire servers and bulk storage
  May invoke encryption requirements (PCI)
 Need for speed and efficiency
  Multi-gigabit links
  Low-latency requirements: vMotion and similar technologies, streaming media and VoIP protocols
KEY POINTS: data redundancy; real-time data transmission; continuous, encrypted data transmission

Slide 17: Secure Cloud-Based Communications: SafeNet High Speed Encryptors. Transfer encrypted data at high speed from the enterprise to the cloud.
SOLUTION
 Security features
  Multi-gigabit Layer 2 low-latency encryption
  Best-in-class FIPS 140-2 Level 3 security certification
  Central policy management and seamless integration
KEY POINTS: data redundancy; real-time data transmission; continuous, encrypted data transmission
Diagram labels: On-premise; Private; High Speed Encryption.

Slide 18: SafeNet Trusted Cloud Fabric. A practical blueprint for extending trust and control when moving users, data, systems, and applications to virtualized environments.
 Solution areas
  1. Strong authentication for cloud services: SafeNet Authentication Manager; SafeNet token, software, and mobile authentication
  2. Secure virtual machines: SafeNet ProtectV Instance; add DataSecure for lifecycle key management
  3. Secure virtual storage: SafeNet ProtectV Volume; add DataSecure for key management and ProtectFile for unstructured data protection
  4. Securing cloud application data: SafeNet DataSecure, ProtectApp and ProtectDB; add Tokenization Manager to reduce audit scope
  5. Trust anchor for cloud identities and transactions: SafeNet Hardware Security Modules
  6. Secure cloud communications: SafeNet High Speed Encryptors
Diagram labels: On-premise; Secure Access to SaaS; Secure Virtual Machines; Secure Virtual Storage; Secure Cloud Applications; Secure Cloud-Based Identities and Transactions; Secure Cloud-Based Communications.

