Presentation is loading. Please wait.

Presentation is loading. Please wait.

©2012 Check Point Software Technologies Ltd. Cloud Security Tamir Zegman Architect.

Published byJoanna Martin Modified over 9 years ago

Similar presentations

Presentation on theme: "©2012 Check Point Software Technologies Ltd. Cloud Security Tamir Zegman Architect."— Presentation transcript:

1 ©2012 Check Point Software Technologies Ltd. Cloud Security Tamir Zegman Architect

2 2©2012 Check Point Software Technologies Ltd. Security as a Service  Not the topic of this presentation  Many types of security services: –Mail Security (Postini) –Web Security (ZScaler) –DDoS (Prolexic) –Anti-Virus (VirusTotal)  Many security offerings rely on Cloud Services (e.g. signature updates, reputation services etc.)

3 3©2012 Check Point Software Technologies Ltd.  Cloud can mean many things: –IaaS (AWS EC2, Google Compute Engine) –PaaS (Facebook Apps, AWS BeanStalk) –SaaS (SalesForce, Facebook) –Private / Public / Community clouds –Enterprise / Consumer

4 4©2012 Check Point Software Technologies Ltd. Public cloud - new Security concerns  Physical security  Data lifecycle  Foreign governments  Multi-tenants: –Hypervisor attacks –Network attacks: –Sniffing –Spoofing –DDoS

5 5©2012 Check Point Software Technologies Ltd. Security Built-in?  The big cloud providers are taking security into consideration: –http://www.windowsazure.com/en-us/support/trust- center/security/http://www.windowsazure.com/en-us/support/trust- center/security/ –http://aws.amazon.com/security/http://aws.amazon.com/security/ –https://trust.salesforce.com/trust/security/https://trust.salesforce.com/trust/security/  Seems like economies of scale play in favor of both parties: –The cloud provider is likely to have better security knowhow –Improved resiliency under attacks (DDoS & DR)

6 6©2012 Check Point Software Technologies Ltd. Separation of Responsibilities

7 7©2012 Check Point Software Technologies Ltd. Separation of Responsibilities  Customers can only manage security at the tiers they are responsible for  Customers must manage security at the tiers they are responsible for  Example: –In a PaaS Enviornment: –The cloud provider is responsible for patching the OS layer –The customer needs to make sure there are no vulnerabilities in his application code

8 8©2012 Check Point Software Technologies Ltd. S3  A “Simple Storage Service”  Upload and download of data objects  Data in motion: –SSL/TLS  Data at rest: –Client side encryption + key management –Server side encryption  A simple service with little security implications

9 9©2012 Check Point Software Technologies Ltd. SalesForce  The de-facto standard in CRM (customer relationship management)  Enjoy a big corporates install base  Stores very sensitive corporate data (list of customers, potential deals etc.)  Security concerns: –Authorization and access control –Data Loss Prevention

10 10©2012 Check Point Software Technologies Ltd. Authentication to cloud Apps  Requirements (enterprise) –Strong authentication –Single sign on –Automatic User de-provisioning –Support office, remote and mobile users –Support multiple SaaS providers  Solutions: –SAML- for corporate –OpenID- mostly for consumer –OAuth - “machine to machine”

11 11©2012 Check Point Software Technologies Ltd. SAML source: Google

12 12©2012 Check Point Software Technologies Ltd. Data at rest – SalesForce (and others)  Solution: –A proxy + tokenization/encryption service (e.g. CipherCloud) –Difficulty around ‘search’ functionality: –compromise security –Homomorphic encryption? –Fragile and limited

13 13©2012 Check Point Software Technologies Ltd. Network architecture  Network architectures: –Blurred perimeter: –Limited network topologies –Multiple cloud providers - similar but different –Limited or no control over tiers managed by the cloud provider –SDN  Overlay of security management: – –Cross vendor / region –Dynamically close/open ACLs –Dynamically close/open host FWs

14 14©2012 Check Point Software Technologies Ltd. Question  Thank you

Download ppt "©2012 Check Point Software Technologies Ltd. Cloud Security Tamir Zegman Architect."

Similar presentations

Gold Sponsors Bronze Sponsors Silver Sponsors Taking SharePoint to the Cloud Aaron Saikovski Readify – Software Solution Specialist.

Gold Sponsors Bronze Sponsors Silver Sponsors Taking SharePoint to the Cloud Aaron Saikovski Readify – Software Solution Specialist.
1 Cloud Computing with Amazon and Oracle Lewis Cunningham TUSC, Sr Datawarehouse Consultant

1 Cloud Computing with Amazon and Oracle Lewis Cunningham TUSC, Sr Datawarehouse Consultant
Dr. Bhavani Thuraisingham June 2013

Dr. Bhavani Thuraisingham June 2013
INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.

INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.
Security in the Cloud: Can You Trust What You Can’t Touch? Rob Johnson Security Architect, Cloud Engineering Unisys Corp.

Security in the Cloud: Can You Trust What You Can’t Touch? Rob Johnson Security Architect, Cloud Engineering Unisys Corp.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Public cloud definition Public cloud is a cloud in which Cloud infrastructure is available to the general public. Public cloud define cloud computing.

Public cloud definition Public cloud is a cloud in which Cloud infrastructure is available to the general public. Public cloud define cloud computing.
What is Cloud Computing? o Cloud computing:- is a style of computing in which dynamically scalable and often virtualized resources are provided as a service.

What is Cloud Computing? o Cloud computing:- is a style of computing in which dynamically scalable and often virtualized resources are provided as a service.
© 2010 VMware Inc. All rights reserved Confidential VMware Vision Jarod Martin Senior Solutions Engineer.

© 2010 VMware Inc. All rights reserved Confidential VMware Vision Jarod Martin Senior Solutions Engineer.
Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.
Cloud Computing Will Crowley Monica Lopez Jaimie Morrison.

Cloud Computing Will Crowley Monica Lopez Jaimie Morrison.
Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.

Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.
SaaS, PaaS & TaaS By: Raza Usmani

SaaS, PaaS & TaaS By: Raza Usmani
M.A.Doman 2011. Model for enabling the delivery of computing as a SERVICE.

M.A.Doman Model for enabling the delivery of computing as a SERVICE.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
INTRODUCTION TO CLOUD COMPUTING Cs 595 Lecture 5 2/11/2015.

INTRODUCTION TO CLOUD COMPUTING Cs 595 Lecture 5 2/11/2015.
Software Engineering for Cloud Computing Rao, Feng 04/27/2011.

Software Engineering for Cloud Computing Rao, Feng 04/27/2011.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Travis, Stephanie, Alex.  Cloud computing is a general term for anything that involves delivering hosted services over the Internet.  These services.

Travis, Stephanie, Alex.  Cloud computing is a general term for anything that involves delivering hosted services over the Internet.  These services.
Plan Introduction What is Cloud Computing?

Plan Introduction What is Cloud Computing?

Similar presentations

Ads by Google