1
2nd SG 13 Regional Workshop for Africa on “Future Networks: Cloud Computing, Energy Saving, Security & Virtualization” (Tunis, Tunisia, 28 April 2014)
Securing the Cloud
Selma Turki, Business Development Executive, European Union Institutions
2
Security remains #1 inhibitor to broad scale cloud adoption
Security still remains the biggest objection to cloud computing, and the number one inhibitor to broad scale adoption. In a report by IDC, it was more than 30% more than the next concern. IT leaders are expected to enable the business, innovate and do more for less, and cloud computing presents this opportunity. However, IT departments are concerned with reduced visibility into cloud data centers, less control over security policies, new and yet unknown threats facing shared environments and the complexity of demonstrating compliance.
Source: 2012 Cloud Computing – Key Trends and Future Effects – IDG
3
Cloud environments present new challenges
4
Cloud computing tests the limits of security operations and infrastructure

Security and Privacy Domains, and the challenge cloud raises in each:
- People and Identity: multiple logins, onboarding issues
- Data and Information: multi-tenancy, data separation
- Application and Process: external facing, quick provisioning
- Network, Server and Endpoint: virtualization, network isolation
- Physical Infrastructure: provider controlled, lack of visibility
- Governance, Risk and Compliance: audit silos, compliance controls

Moving to cloud brings self-service, a highly virtualized environment, location independence, workload automation, rapid elasticity and standardization. The consequences:
- Critical mass of separation between data owners and data processors
- Anonymity of geography of data centers and devices
- Anonymity of provider
- Transient provider relationships
- Physical controls must be replaced by virtual controls
- Identity management has a key role to play

Cloud WILL drive change in the security status quo.

In a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning resources and applications increases, greatly affecting all aspects of IT security.
5
Key Cloud security concerns
1. Manage the registration and control the access of thousands or even millions of Cloud users in a cost-effective way
2. Ensure the safety and privacy of critical enterprise data in Cloud environments without disrupting operations
3. Provide secure access to applications in the Cloud
4. Manage patch requirements for virtualized systems
5. Provide protection against network threats and vulnerabilities in the Cloud
6. Protect virtual machines
7. Achieve visibility and transparency in Cloud environments to find advanced threats and meet regulatory and compliance requirements
6
1 Identity: Cost-effective user registration and access control of Cloud users

Requirement and capability:
- Full life-cycle identity management (“cradle-to-grave”) for cloud-based users
- Federated single sign-on to multiple web-based and cloud applications with a single ID and password for employees, customers, BPs, vendors
- User self-service for identity creation and password reset
- Securely provision, manage, automate and track privileged access to critical enterprise resources
- Access, authorization control, and fraud prevention for applications and data in the cloud
- Automated management and risk-based enforcement of access control policies across every application, data source, operating system and even company boundaries
- Role-based identity and access management aligns users’ roles to their access capabilities, simplifies management and compliance
- Ability to track and log user activities, report violations, and prove compliance
- Security incident and event management for compliance reporting and auditing of users and their activities, in both cloud and traditional environments
- The ability to monitor, control, and report on privileged identities (e.g., systems and database administrators) for cloud-based administrators

From a legal and regulatory perspective, you must be able to control, monitor and report on who is accessing what cloud-based resources, and for what purpose. IBM solutions provide policy-based controls that address distinct user profiles and enable secure, authorized, audited and authenticated access, regardless of location or type of connection to cloud-delivered applications and workloads.

When millions of users need access to cloud-based resources, user provisioning (and de-provisioning) must be simple, efficient and scalable. IBM federated identity management solutions help streamline life-cycle management and access control for internal and external users in the cloud.

A broad user base that can include employees, customers and partners accessing corporate applications and third party services: by providing a federated approach, end users have a seamless sign-on experience to these applications, eliminating the need for multiple user IDs and passwords.

Varied requirements and access controls applied to different circumstances, and sensitive and non-sensitive data (for example, procuring access to future product designs vs. inviting customers to attend an upcoming marketing event): the federated approach also enables organizations to more effectively manage identities across cloud infrastructure while preserving the confidentiality of user data.

Limited resources, tight budgets and the desire not to duplicate existing IT security infrastructure just for the cloud: integrated password self-service capabilities allow users to easily reset their passwords online without the assistance of help desk staff. This helps improve staff productivity, enhance the user experience and reduce the number of help desk calls, ultimately saving money.

Addressing compliance requirements, reducing operational costs, enhancing security posture and developing operational efficiencies.
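Three of the items above (role-based access aligned to users' roles, logging of user activity with violation reporting, and reporting on privileged identities) can be shown in a few dozen lines. The following is an added example written for this page, not IBM code or a description of any IBM product; the users, roles, resources and the "admin" privileged action are constructed sample data, and the directory dictionary stands in for whatever provisioning system would supply a user's roles.

```python
"""Role-based access control with an audit trail and violation reporting.
Added illustration for the identity requirements on this slide; not IBM code.
All users, roles and resources are constructed sample data."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed policy: role -> set of (resource, action) entitlements.
ROLE_ENTITLEMENTS = {
    "employee": {("hr-portal", "read"), ("expense-app", "write")},
    "partner": {("partner-catalog", "read")},
    "dba": {("orders-db", "read"), ("orders-db", "admin")},
}
# Actions that count as privileged and must be reported on separately (assumption).
PRIVILEGED_ACTIONS = {"admin"}


@dataclass(frozen=True)
class AccessDecision:
    user: str
    roles: tuple
    resource: str
    action: str
    allowed: bool
    privileged: bool


class AccessManager:
    """Decides access from a user's roles and records every decision."""

    def __init__(self, directory):
        # directory: user -> tuple of roles, as a provisioning system would supply.
        # A de-provisioned user simply has no entry and therefore no roles.
        self.directory = directory
        self.audit_log = []

    def check(self, user, resource, action):
        roles = self.directory.get(user, ())
        # Deny by default: access is granted only if some role carries the entitlement.
        allowed = any((resource, action) in ROLE_ENTITLEMENTS.get(r, set())
                      for r in roles)
        decision = AccessDecision(user, tuple(roles), resource, action,
                                  allowed, action in PRIVILEGED_ACTIONS)
        self.audit_log.append(decision)  # every request is logged, allowed or not
        return allowed

    def violations(self):
        """Denied requests: the raw material for a violation report."""
        return [d for d in self.audit_log if not d.allowed]

    def privileged_report(self):
        """Who attempted privileged actions, and whether each was allowed."""
        report = defaultdict(list)
        for d in self.audit_log:
            if d.privileged:
                report[d.user].append((d.resource, d.action, d.allowed))
        return dict(report)


def run_demo():
    """Replay a constructed set of access requests and return the manager."""
    directory = {
        "alice": ("employee",),
        "bob": ("dba",),
        "carol": ("partner",),
        # "dave" was de-provisioned: no entry, so every request is denied.
    }
    mgr = AccessManager(directory)
    requests = [
        ("alice", "hr-portal", "read"),      # allowed
        ("alice", "orders-db", "read"),      # denied: not in the employee role
        ("bob", "orders-db", "admin"),       # allowed, privileged
        ("carol", "orders-db", "admin"),     # denied: privileged attempt by a partner
        ("dave", "expense-app", "write"),    # denied: de-provisioned user
    ]
    for user, resource, action in requests:
        mgr.check(user, resource, action)
    return mgr


if __name__ == "__main__":
    m = run_demo()
    print(len(m.violations()), "violations")
    print(m.privileged_report())
```

The point to notice is that de-provisioning needs no special code path: removing the directory entry leaves the user with no roles, and the deny-by-default check does the rest, while the audit log still records the attempt so the violation report shows it.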
7
IBM Identity and Access Management Vision
1 Identity: IBM Identity and Access Management Vision

Identity Management: Managing user identities and their rights to access resources throughout the identity life cycle is critical for effective identity and access management, in both our physical and logical worlds:
- Identity lifecycle management, with user self-care, enrollment, proofing, provisioning, recertification and de-provisioning
- Identity control, including access and privacy control, role management, single sign-on (SSO) and auditing

Access Management: Access Management provides timely access throughout the user's lifecycle, authenticating users and providing access to authorized users across multiple environments and security domains, while enforcing security policies and protecting against internal and external threats:
- Centralized control for consistent execution of security policies across multiple applications and users
- Single Sign-On (SSO) to improve the user experience and reduce help-desk costs

Key Themes
- Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure
- Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions
- Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management
8
Four steps to data security in the Cloud
2 Data: Four steps to data security in the Cloud

1. Understand, define policy
   - Discover where sensitive data resides
   - Classify and define data types
   - Define policies and metrics
2. Secure and protect
   - Encrypt, redact and mask virtualized databases
   - De-identify confidential data in non-production environments
3. Actively monitor and audit
   - Monitor virtualized databases and enforce review of policy exceptions
   - Automate and centralize the controls needed for auditing and compliance (e.g., SOX, PCI)
   - Assess database vulnerabilities
4. Establish compliance and security intelligence
   - Automate reporting customized for different regulations to demonstrate compliance in the Cloud
   - Integrate data activity monitoring with security information and event management (SIEM)

As a Chief Security Officer or an IT Security manager, take a look at how to protect the data: IBM provides specific sets of steps to take to achieve data security. With “Big Data” growing, cloud and mobile technologies, and the requirements of regulations, the first step is to understand the various sources of data and where the data is held. Only after understanding where the data resides can one develop security policies and apply them to the data. After the policies are applied, there is a necessity for constant monitoring and auditing. The information from data monitoring and auditing has to be integrated with the other security information to achieve enterprise-level security intelligence. IBM Data security solutions make all these activities achievable in a very effective manner.

Guardium’s charter is in-depth handling of all aspects around the protection of critical data in databases. The benefit is that it helps customers: first, protect and prevent data breaches and fraud, from both internal and external sources; second, it helps control access to sensitive enterprise data (like what is controlled through SAP, Peoplesoft, etc., and even some unstructured document data), thus assuring data governance; and third, it streamlines the process for compliance around data protection.

Guardium provides the tools to slash compliance cost, by automating and centralizing the controls you need to comply with a variety of mandates, such as SOX or PCI. Because of our extensive heterogeneous support, this can be accomplished across all popular databases and applications, ensuring you can deploy a single solution enterprise-wide.
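The four steps are concrete enough to run end to end on a small record set: discover which columns hold sensitive values, classify them, de-identify them for a non-production copy, and emit an audit record that a SIEM could ingest. The following is an added example written for this page, not IBM or Guardium code and not a description of how those products work; the column names, value patterns, policy treatments and sample rows are constructed, and the tokenization key is a literal only for the sake of a self-contained example.

```python
"""Discover, classify, de-identify and audit sensitive columns in a record set.
Added illustration of the four steps on this slide over constructed sample rows;
not IBM or Guardium code. Patterns, policy and column names are assumptions."""
import hmac
import hashlib
import re
from datetime import datetime, timezone

# Step 1 (discover/classify): value patterns that identify a data class (assumed).
CLASSIFIERS = {
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I),
    "card_number": re.compile(r"^\d{16}$"),
    "national_id": re.compile(r"^\d{3}-\d{2}-\d{4}$"),
}

# Step 1 (policy): treatment applied to each data class in non-production copies.
POLICY = {
    "email": "tokenize",       # keyed hash: hides the value but keeps joins working
    "card_number": "mask_last4",
    "national_id": "redact",
}

TOKEN_KEY = b"constructed-demo-key"  # in practice a managed secret, not a literal


def classify_columns(rows, threshold=0.8):
    """Sample every column; label it if >= threshold of non-empty values match a class."""
    classes = {}
    if not rows:
        return classes
    for col in rows[0]:
        values = [str(r.get(col, "")) for r in rows if str(r.get(col, ""))]
        if not values:
            continue
        for label, pattern in CLASSIFIERS.items():
            hits = sum(1 for v in values if pattern.match(v))
            if hits / len(values) >= threshold:
                classes[col] = label
                break
    return classes


def deidentify_value(value, treatment):
    if treatment == "tokenize":
        digest = hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()
        return "tok_" + digest[:12]
    if treatment == "mask_last4":
        return "*" * max(len(value) - 4, 0) + value[-4:]
    if treatment == "redact":
        return "[REDACTED]"
    return value  # unknown treatment: value passes through; the audit step flags it


def deidentify(rows, classes):
    """Step 2: produce the non-production copy according to POLICY."""
    out = []
    for row in rows:
        new = dict(row)
        for col, label in classes.items():
            if new.get(col):
                new[col] = deidentify_value(str(new[col]), POLICY.get(label, ""))
        out.append(new)
    return out


def audit_record(classes, original, copy):
    """Steps 3-4: evidence that policy was applied, in a shape a SIEM could ingest."""
    unmasked = [(i, col) for i, (a, b) in enumerate(zip(original, copy))
                for col in classes if a.get(col) and a[col] == b[col]]
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "sensitive_columns": classes,
        "rows": len(original),
        "unmasked_cells": unmasked,
        "compliant": not unmasked,
    }


# Constructed sample rows (fictional values).
SAMPLE_ROWS = [
    {"id": 1, "email": "ana@example.com", "card": "4111111111111111", "ssn": "123-45-6789", "city": "Tunis"},
    {"id": 2, "email": "omar@example.org", "card": "5500000000000004", "ssn": "987-65-4321", "city": "Cairo"},
    {"id": 3, "email": "", "card": "4012888888881881", "ssn": "", "city": "Lagos"},
]


def run_pipeline(rows=SAMPLE_ROWS):
    classes = classify_columns(rows)
    copy = deidentify(rows, classes)
    return classes, copy, audit_record(classes, rows, copy)


if __name__ == "__main__":
    classes, copy, audit = run_pipeline()
    print(classes)
    for r in copy:
        print(r)
    print(audit)
```

Two design choices matter here. Tokenization uses a keyed hash so the same e-mail address maps to the same token in every table (joins in the test environment still work) while the address itself is not recoverable without the key. And the audit step compares original against copy cell by cell, so a class that was discovered but has no policy entry shows up as an unmasked cell and the record is marked non-compliant rather than silently passing.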
9
2 Data: Data Security Vision

Key Themes
- Reduced Total Cost of Ownership: Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities
- Enhanced Compliance Management: Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations
- Dynamic Data Protection: Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data
- QRadar Integration Across Multiple Deployment Models
10
Application security challenge: manage risk
3 Applications: Application security challenge: manage risk
- 76% of CEOs feel reducing security flaws within business-critical applications is the most important aspect of their data protection programs
- 79% of compromised records used Web Apps as the attack pathway
- 81% of breached organizations subject to PCI were found to be non-compliant
11
Application Security Vision
3 Applications: Application Security Vision

Key Themes
- Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing
- Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features
- Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform
12
4 Patch Management: Optimizing the patch cycle and helping ensure the security of both traditional and Cloud computing assets

(Diagram: Web App, DB, Distributed Endpoints, Physical Servers, Virtual Servers)

Customer Pain Points
- Time required to patch all enterprise physical, virtual, distributed, and cloud assets
- Lack of control over deployed and dormant virtual systems’ OS patch levels and related security configurations

Capability
- Automatically manage patches for multiple OSs and applications across physical and virtual servers
- Reduce security and compliance risk by slashing remediation cycles from weeks to hours
- Patch running / offline / dormant VMs
- Continuously monitor and enforce endpoint configuration

Customer Pains: We can’t afford the business risks of adopting Cloud solutions without some kind of assurance that our systems will be secure! Lack of effective patch management represents the largest, primary risk. We spend a ridiculous amount of time patching all of our systems, physical and virtual, distributed and cloud assets. We have no effective way to manage potential security exposures for offline and suspended VMs that haven’t been patched in weeks/months. Operations teams have very little insight or control of deployed virtual systems’ OS patch levels and related security configurations.

Solution description: Include capabilities, not just products. Ensure it talks to how the pains are addressed and the business outcome achieved. Increase business agility by optimizing the patch cycle and ensuring the security of both traditional and cloud computing assets. Reduce costs and complexity of cloud management while increasing business agility, speed to remediation and accuracy. Address the primary security challenges of distributed environments and centralized assets with a single solution.
13
Security Challenges with Virtualization: New Complexities
6 Protect VMs: New complexities
- Dynamic relocation of VMs
- Increased infrastructure layers to manage and protect
- Multiple operating systems and applications per server
- Elimination of physical boundaries between systems
- Manually tracking software and configurations of VMs
- Hypervisor is an attack vector

Before virtualization: 1:1 ratio of OSs and applications per server. After virtualization: 1:many ratio of OSs and applications per server, plus an additional layer to manage and secure.

Virtualization introduces a whole new set of complexities when new VMs can instantly be created and moved and there are additional layers and multiple operating systems to manage. You go from a one-to-one relationship of operating systems and applications to a one-to-many relationship where the physical boundaries between the systems are now removed and there are hundreds if not thousands of VMs to track, configure, manage and secure. All of these new dynamics add new complexities.
14
6 Protect VMs: Example for Securing the Virtualized Runtime: IBM Security Virtual Server Protection for VMware vSphere 4
- VMsafe Integration
- Firewall and Intrusion Prevention
- Rootkit Detection / Prevention
- Inter-VM Traffic Analysis
- Automated Protection for Mobile VMs (VMotion)
- Virtual Network Segment Protection
- Virtual Network-Level Protection
- Virtual Infrastructure Auditing (Privileged User)
- Virtual Network Access Control

There have been 100 vulnerabilities disclosed across all of VMware’s virtualization products since 1999.* 57% of the vulnerabilities discovered in VMware products are remotely accessible, while 46% are high risk vulnerabilities.*
15
Security Intelligence: Integrating across IT silos
7 Security Intelligence: Integrating across IT silos

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

Data sources: Security Devices; Servers & Hosts; Network & Virtual Activity; Database Activity; Application Activity; Configuration Info; Vulnerability Info; User Activity
Intelligence: Event Correlation; Offense Identification; Activity Baselining & Anomaly Detection
Output: High Priority Offenses

Chevron: 2 billion logs and events per day reduced to 25 high priority offenses. Automating the policy monitoring and evaluation process for configuration changes in the infrastructure. Real-time monitoring of all network activity, in addition to PCI mandates.

Use cases: Detecting threats; Consolidating data silos; Detecting insider fraud; Predicting risks against your business; Addressing regulatory mandates
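The slide's reduction of billions of events to a handful of offenses comes from three steps: normalizing events from separate silos into one schema, correlating them with rules, and comparing activity against a baseline. The following is an added example written for this page, not QRadar code and not a description of how QRadar works; the syslog and JSON audit lines, the rules, their thresholds and the per-user baseline history are all constructed, and the syslog year (2014) is assumed because syslog timestamps carry none.

```python
"""Consolidate two log silos, correlate them into offenses, and baseline activity.
Added illustration for this slide over constructed events; not QRadar code.
Formats, rules, thresholds and baseline history are assumptions."""
import json
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw events: a VPN host's syslog lines and a JSON database audit feed.
RAW_EVENTS = [
    "Apr 28 10:00:01 vpn01 sshd: Failed password for admin from 203.0.113.7",
    "Apr 28 10:00:09 vpn01 sshd: Failed password for admin from 203.0.113.7",
    "Apr 28 10:00:17 vpn01 sshd: Failed password for admin from 203.0.113.7",
    "Apr 28 10:00:25 vpn01 sshd: Failed password for admin from 203.0.113.7",
    "Apr 28 10:00:33 vpn01 sshd: Failed password for admin from 203.0.113.7",
    "Apr 28 10:00:41 vpn01 sshd: Accepted password for admin from 203.0.113.7",
    "Apr 28 10:01:05 vpn01 sshd: Failed password for bob from 198.51.100.20",
    "Apr 28 10:02:30 vpn01 sshd: Accepted password for carol from 198.51.100.21",
    '{"ts": "2014-04-28T10:03:00", "src": "dbaudit", "user": "svc_report", "action": "SELECT", "rows": 110}',
    '{"ts": "2014-04-28T10:04:00", "src": "dbaudit", "user": "svc_report", "action": "SELECT", "rows": 95}',
    '{"ts": "2014-04-28T10:05:00", "src": "dbaudit", "user": "svc_report", "action": "SELECT", "rows": 250000}',
    '{"ts": "2014-04-28T10:06:00", "src": "dbaudit", "user": "app_user", "action": "SELECT", "rows": 40}',
]
# Constructed baseline: rows returned per query for each user over past days.
BASELINE_ROWS = {
    "svc_report": [100, 120, 90, 110, 130, 105],
    "app_user": [30, 50, 45, 35],
}

SYSLOG_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]+) (\S+) \S+: (Failed|Accepted) password for (\S+) from (\S+)$")


def normalize(raw):
    """Consolidate both formats into one event schema (the 'data silos' step)."""
    events = []
    for line in raw:
        m = SYSLOG_RE.match(line)
        if m:
            ts = datetime.strptime("2014 " + m.group(1), "%Y %b %d %H:%M:%S")  # year assumed
            events.append({"ts": ts, "source": m.group(2), "kind": "login",
                           "user": m.group(4), "src_ip": m.group(5),
                           "success": m.group(3) == "Accepted"})
        elif line.startswith("{"):
            j = json.loads(line)
            events.append({"ts": datetime.fromisoformat(j["ts"]), "source": j["src"],
                           "kind": "db_query", "user": j["user"], "rows": j["rows"]})
    return events


def rule_login_bruteforce(events, window=timedelta(seconds=60), threshold=5):
    """Correlation rule: many failed logins from one address, then a success."""
    failures = defaultdict(list)
    for e in events:
        if e["kind"] == "login" and not e["success"]:
            failures[e["src_ip"]].append(e["ts"])
    offenses = []
    for e in events:
        if e["kind"] == "login" and e["success"]:
            recent = [t for t in failures[e["src_ip"]] if e["ts"] - window <= t <= e["ts"]]
            if len(recent) >= threshold:
                offenses.append({"rule": "failed logins followed by success",
                                 "entity": e["src_ip"], "user": e["user"],
                                 "magnitude": 9, "events": len(recent) + 1})
    return offenses


def rule_db_anomaly(events, baseline, sigmas=3):
    """Baselining rule: a query returning far more rows than the user's history."""
    offenses = []
    for e in events:
        if e["kind"] != "db_query" or e["user"] not in baseline:
            continue
        hist = baseline[e["user"]]
        limit = statistics.mean(hist) + sigmas * statistics.stdev(hist)
        if e["rows"] > limit:
            offenses.append({"rule": "db read volume above baseline", "entity": e["user"],
                             "magnitude": 7, "events": 1, "rows": e["rows"],
                             "limit": round(limit)})
    return offenses


def build_offenses(raw, baseline=BASELINE_ROWS):
    """Return (normalized events, offenses ordered by magnitude)."""
    events = normalize(raw)
    offenses = rule_login_bruteforce(events) + rule_db_anomaly(events, baseline)
    offenses.sort(key=lambda o: o["magnitude"], reverse=True)
    return events, offenses


if __name__ == "__main__":
    evts, offs = build_offenses(RAW_EVENTS)
    print(len(evts), "events ->", len(offs), "offenses")
    for o in offs:
        print(o)
```

Twelve events become two offenses: the single failed login for "bob" and the normal queries never surface on their own, which is the reduction the slide describes. The two rules are also deliberately different in kind: the first is pure correlation across events, while the second needs history per user, which is why a baseline has to be built before anomaly detection can say anything.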
16
IBM Security Framework: Delivering intelligence, integration and expertise across a comprehensive framework

IBM Security Systems
- IBM Security Framework built on the foundation of COBIT and ISO standards
- End-to-end coverage of the security domains
- Managed and Professional Services to help clients secure the enterprise

Bringing IBM’s security software and hardware products into one unified team will enable us to develop the integrated strategy and roadmap needed in today’s world of ever-increasing security complexity. We are building our team to provide a single voice of IBM security for the client and to support the CISO in developing
17
Security as a Service: IBM Security Services from the Cloud
Security-as-a-Service (SaaS) from IBM Managed Security Services: Security Intelligence across People, Data, Apps and Infrastructure
- Security Event and Log Management: Offsite management of security logs and events
- IBM X-Force® Threat Analysis Service: Customized security threat intelligence based on IBM X-Force® research and development
- Application Security Management: Help reduce data loss, financial loss and website downtime
- Managed Web and Security: Help protect against spam, worms, viruses, spyware, adware and offensive content
- Mobile Device Security Management: Help protect against malware and other threats while enabling mobile access
- Vulnerability Management Service: Help provide proactive discovery and remediation of vulnerabilities

IBM is not just a provider of security solutions for the cloud, but also a provider of security solutions delivered from the cloud. These solutions leverage a shared delivery platform and private cloud architecture to offer cloud-based vulnerability assessment, web security and event/log management.
18
IBM Best Cloud Computing Security

Key Cloud Resources
- IBM Research and Papers: Special research concentration in cloud security, including white papers, Redbooks, Solution Brief – Cloud Security
- IBM X-Force: Proactive counter intelligence and public education
- IBM Institute for Advanced Security: Cloud Security Zone and Blog (Link)
- Customer Case Study: EXA Corporation creates a secure and resilient private cloud (Link)

Other Links:
- IBM Media series – SEI Cloud Security (Link)
- External IBM.COM: IBM Security Solutions (Link)
- External IBM.COM: IBM SmartCloud – security (Link)
- IBM SmartCloud security video (Link)
- Rolodex: Customer councils, standards participation, technical studies

IBM X-Force
- Research and monitor latest security trends
- Advise customers on emerging and critical threats
- Deliver security content to protect IBM customers from threats

IBM Research
- Trusted Virtual Data Center
- Security Services in Virtualized Environments
- Security audits of heterogeneous virtual environments
- TClouds – Trustworthy Clouds
- Introspection-based Security
- Homomorphic Encryption: Outsourcing Computation to Untrusted Workers
19
Mandatory Thank You Slide (available in English only).
20
IBM Security Systems Cloud-ready security solutions span the portfolio
- QRadar Security Intelligence
- Federated Identity Manager – Business Gateway: Federating identities for public and hybrid cloud environments
- AppScan Static / Dynamic Analysis: Security application scanning for cloud based applications
- Virtual Server Protection: Virtual IPS for VMware ESX / ESXi hosts and workloads
- Network IPS Virtual Appliance: Virtual IPS for virtual network edge protection
- Endpoint Manager / SmartCloud Patch
- Guardium database monitoring and protection