Published by Thomasine Hampton. Modified over 7 years ago.
1
CLOUD SECURITY Timothy Brown Director, Security & Virtualization
Network Utility Force
2
About Your Presenter
Walker and Associates has been around for more than 40 years, handling the needs of communications carriers and the Federal Government as a Value Added Distributor (warehousing, networking, design services, reselling).
Network Utility Force is a consulting company focused on network and security infrastructure. We enable companies to make the most of their infrastructure. Our team collectively has over 100 years of service provider and enterprise engineering experience.
I (Tim Brown) am ex-OEM, ex-service provider, ex-VAR and have been involved in network engineering since 1995.
3
Today’s Presentation
Fundamental questions (but there are many others):
- Is being in the cloud less secure than having gear at my facility?
- What new threats do I face by moving to the cloud?
- How can all this “as-a-service” stuff help me do my job?
4
How do you normally protect an asset?
- Infrastructure security (power, cooling, entrance points, …)
- Physical security
- Network security
- Systems security
- Application security
- Data security (storage, databases)
6
Cloud has us think of things a little differently
- Generate revenue from “functions”
- Decompose the true cost/effort of delivering a given function and make that something we can sell (“de”-commoditize)
- The security needs of DoD are fundamentally different from those of a web hosting provider
- Move to automation and immutability
- Services don’t prevent you from rolling your own (and in the DoD case, you use SCCA)
8
Looking at five options today
- Amazon’s AWS
- Google Cloud
- Microsoft Azure
- Virtualized security within your existing facilities
- Carriers/Hosting
9
One axis: How “automatable” is the solution
We could evaluate these items on many axes, but some of the more important things that differentiate clouds:
- With cloud computing and virtualization, the world is moving to a more “repeatable, immutable” model
- Applications are no longer monolithic
- Systems are heading to a distributed world
11
Cloud Platforms and Security Features
12
All clouds offer some high level segmentation and network virtualization
- “Buckets” of resources: projects, VPCs, granularity
- Whitebox or software switches, special hypervisor features
- MAC learning, custom drivers
- Custom firewalls/packet processors
13
Network Features
Amazon AWS: Custom route tables, DHCP Options, Elastic IPs, Flexible NAT, Cloud Firewall, Peering, Flow Monitoring
Google Cloud: Cloud Load Balancing, Cloud CDN, Cloud Interconnect
Microsoft Azure: ExpressRoute, Load Balancing/Application Gateway, Network Watcher
14
Logging and Monitoring
Amazon AWS: CloudTrail, CloudWatch, Log Aggregation
Google Cloud: Stackdriver (AWS+GCP) – error reporting, trace, debugger, API frontends
Microsoft Azure: Azure Monitoring, Application Insights, Log Analytics, System Center Operations Manager
15
Access Control
Amazon AWS: IAM, MFA, Directory Service
Google Cloud: Cloud IAM, Cloud IAP, Cloud DLP, Key Vaults
Microsoft Azure: Key Vault, Active Directory
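The access-control tools listed above only help if the policies fed to them are tight. The following is an added example, not code from the presentation or from any vendor: a small linter for AWS IAM policy documents that flags the two weaknesses IAM and MFA are meant to close, namely wildcard grants and privileged actions allowed without an MFA-authenticated session. The sample policies, the bucket name and the "privileged action" heuristic are constructed assumptions; aws:MultiFactorAuthPresent is a real IAM global condition key.

```python
"""Added example (not from the presentation): lint AWS IAM policy documents for
wildcard grants and for privileged actions that are not gated on MFA."""


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/Statement; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def has_mfa_condition(statement):
    """True if the statement requires aws:MultiFactorAuthPresent to be true."""
    condition = statement.get("Condition", {})
    for operator in ("Bool", "BoolIfExists"):
        value = condition.get(operator, {}).get("aws:MultiFactorAuthPresent")
        if value is not None and str(value).lower() == "true":
            return True
    return False


def is_privileged(action):
    """Heuristic assumed by this example: '*' and the whole iam: namespace count
    as privileged because they can be used to grant further access."""
    return action == "*" or action.lower().startswith("iam:")


def lint_policy(policy):
    """Return a list of (statement_index, finding_code) for Allow statements."""
    findings = []
    for index, statement in enumerate(_as_list(policy.get("Statement"))):
        if statement.get("Effect") != "Allow":
            continue
        actions = _as_list(statement.get("Action"))
        resources = _as_list(statement.get("Resource"))
        if "*" in actions and "*" in resources:
            findings.append((index, "full-admin"))
        elif any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((index, "wildcard-action"))
        if any(is_privileged(a) for a in actions) and not has_mfa_condition(statement):
            findings.append((index, "privileged-without-mfa"))
    return findings


# Constructed sample policies for the example; the bucket name and the actions
# are illustrative assumptions, not taken from the presentation.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # least privilege: named actions on a named bucket
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket",
                         "arn:aws:s3:::example-bucket/*"],
        },
        {   # privileged IAM actions gated on an MFA-authenticated session
            "Effect": "Allow",
            "Action": ["iam:CreateUser", "iam:AttachUserPolicy"],
            "Resource": "*",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        },
    ],
}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, lint_policy(policy))
```

Run it as a script to see the weak policy flagged twice (full admin, and privileged actions without MFA) and the hardened policy pass clean. Dropping the Condition block from the second hardened statement reintroduces the privileged-without-mfa finding, which is the check worth wiring into a pipeline before a policy is attached.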
16
Border Protection Approach
17
Historical approach to security: protect the border
18
Segmentation Approach
19
Segmentation approach
20
Microsegmentation Approach
21
Microsegmentation
22
Typical Architectures
23
AWS
24
Some terminology changes
25
AWS Architecture Example
26
AWS Architecture
27
AWS Compliance
- GovCloud has achieved FedRAMP High
- Provisional authorizations for IL4 and soon IL5 (unclassified; IL5 includes unclassified National Security Systems)
- See accelerator/nist/latest/assets/NIST Security-Controls-Mapping.xlsx
28
Google
29
Google Cloud Architecture
30
Compliance
- Has FedRAMP ATO
- No SRG compliance as far as I know
31
Azure
32
Microsoft Azure Architecture
33
Azure Compliance
DoD IL4 and IL5 compliant
34
You Host It
35
Comes back to our two views: Segmentation and microsegmentation
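The difference between the two views is easiest to see when the same flows are run through both. The following is an added example, not code from the presentation: a border-only policy that trusts everything inside the VPC, beside a microsegmented policy that gives each tier its own allow-list (the way a security group per tier would), plus a helper that reports which tiers a compromised workload can reach directly. The three-tier environment, its addresses and ports are constructed assumptions.

```python
"""Added example (not from the presentation): evaluate candidate flows under a
border-only policy and under a microsegmented, per-workload policy.
The environment (tiers, addresses, ports) is a constructed assumption."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


VPC = ipaddress.ip_network("10.0.0.0/16")
WORKLOADS = {"web": "10.0.1.10", "app": "10.0.2.10", "db": "10.0.3.10"}
INTERNET_CLIENT = "203.0.113.7"           # documentation-range address standing in for "outside"


def workload_of(ip):
    """Map an address to a tier name, 'internet' for anything outside the VPC,
    or None for an unknown address inside the VPC."""
    for name, addr in WORKLOADS.items():
        if addr == ip:
            return name
    return None if ipaddress.ip_address(ip) in VPC else "internet"


def border_policy(flow):
    """Historical model: the perimeter admits inbound 443 to the web tier and
    implicitly trusts every flow whose source and destination are both inside."""
    inside_src = ipaddress.ip_address(flow.src) in VPC
    inside_dst = ipaddress.ip_address(flow.dst) in VPC
    if inside_src and inside_dst:
        return True                       # east-west traffic never hits the border
    return inside_dst and flow.dst == WORKLOADS["web"] and flow.port == 443


# Per-workload allow-lists: destination tier -> {(allowed source tier, port)}.
# Anything not listed is denied, including traffic between tiers inside the VPC.
MICRO_RULES = {
    "web": {("internet", 443)},
    "app": {("web", 8080)},
    "db":  {("app", 5432)},
}


def micro_policy(flow):
    src, dst = workload_of(flow.src), workload_of(flow.dst)
    if src is None or dst not in MICRO_RULES:
        return False                      # default deny for anything unmodelled
    return (src, flow.port) in MICRO_RULES[dst]


SERVICE_PORTS = (443, 8080, 5432)


def lateral_reach(policy, foothold):
    """Tiers an attacker holding `foothold` can open a connection to directly,
    trying every service port against every other tier."""
    reached = set()
    for name, addr in WORKLOADS.items():
        if name == foothold:
            continue
        if any(policy(Flow(WORKLOADS[foothold], addr, p)) for p in SERVICE_PORTS):
            reached.add(name)
    return reached


if __name__ == "__main__":
    for pol in (border_policy, micro_policy):
        print(pol.__name__, "from a compromised web tier reaches:",
              sorted(lateral_reach(pol, "web")))
```

Both policies admit the legitimate path (internet to web on 443, web to app on 8080, app to db on 5432) and both reject the internet talking to the database. The difference is the east-west case: under the border policy a compromised web server can open a connection straight to the database, while the microsegmented policy confines it to the one port on the app tier it was always meant to use.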
37
Where the security industry is headed
38
Zero Trust Model
39
Summary
40
Thanks