
Agenda Who needs an Architect? Cloud and Security Key Security Differences in Private Cloud Cloud Security Challenges Secondary to Essential Characteristics.


1

2 Agenda
- Who needs an Architect?
- Cloud and Security
- Key Security Differences in Private Cloud
- Cloud Security Challenges Secondary to Essential Characteristics
- Private Cloud Reference Model
- Private Cloud Security Model
- Private Cloud Security Principles

3

4 Is Knowing Architecture Useful?
- “Architects are space cadets”
- “Architects draw star charts”
- “Architects don’t have demos or HOLs”
- “Architects can’t do anything (don’t know how to do anything)”
- “I don’t know any architects”
- “I’ve never needed an architect”
- “What’s an architect?”

5 What’s in it for me?

6

7

8 Reviewing the Cloud Impact
- REDUCED MANAGEMENT
- NEW ECONOMICS
- INCREASED PRODUCTIVITY

9 Cloud Security Challenges

10 Defense in Depth Approach: Multiple Layers of Protection

11

12 Security Responsibility

13 Shared Tenant Model
- Multiple orgs and divisions
- Multitenancy in private cloud
- Authentication
- Authorization
- Access controls
- Requires logical separation
[Diagram: grid of VMs]

14 Virtualization Platform
- Mobile Workloads
- Automated Mobility
- Unlinked from Px
- Security Tools
- Playing catch-up
- Virtualization of Security Controls
- Integrate with the private cloud fabric
- Provide separate configuration interfaces
- Provide programmable, elastic, on-demand services
- Support policies governing logical attributes
- Enable trust zones separating multiple tenants in a dynamic environment

15

16 Principles provide general rules and guidelines to support the evolution of a secure cloud infrastructure. They are enduring, seldom amended, and inform and support the way you secure the private cloud. These principles form the basis on which a secure cloud infrastructure is planned, designed and created.

The Eleven Private Cloud Security Principles
- Limit “routing”
- Use strong cryptography
- Minimize attack surface
- Audit extensively
- Strong GRC
- Automate security operations
- Security is a wrapper
- All data locations accessible
- Attackers are AuthN and AuthZ
- Enforce Isolation
- Apply generic security best practices

17

18 Resource Pooling
As a consumer (tenant) of the services offered by a private cloud in my enterprise, I require that application data is secure, no one else can access it, and that the data is safe if something untoward occurs.
- Prevent leakage between tenants
- AAA
- Also applies to administrators
- Role Based Access Control

19 On-Demand Self-Service
As the architect, designer, or operator of a private cloud solution, how do I control who has access to my private cloud services and how do I monitor and audit the use of my services?
Who has authority to:
- Demand
- Provision
- Use
- Release

20 Rapid Elasticity
I am concerned that a rogue application, client, or denial of service (DoS) attack might destabilize the data center by requesting a large amount of resources. How do I reconcile the perception of infinite resources with reality?

21 Broad Network Access
As an architect of a private cloud solution, I want to be sure that an appropriate level of security applies regardless of client location and regardless of form factor. This requirement applies to both cloud management and application security.
Bring Your Own Device
- Assess device state
- Application access control
- Data on device

22 Broad Network Access - Reperimeterization
Driven By:
- IPv6
- Porous borders
- “Tail Chasing”
- Cost/benefit

23

24 Reference Model

25

26 Security Model

27 Virtualization Security
[Diagram labels: Windows Kernel, Server Core, Virtualization Stack, Device Drivers, Windows hypervisor, VM Worker Processes, Guest Partitions, OS Kernel, VMBus, Guest Applications, Root Partition, CPU, Storage, NIC, Ring 0, Ring 3, Ring “-1”]

28 Physical Network Isolation

29 Logical Network Isolation
[Diagram labels: Data Center’s Physical Servers, Guest OS, Data-Center Network]

30 Next Steps
http://social.technet.microsoft.com/wiki/contents/articles/6642.a-solution-for-private-cloud-security.aspx

31 Questions

32 We have some books for you!!

