Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2012 IBM Corporation IBM Security Systems 1 © 2012 IBM Corporation Cloud Security: Who do you trust? Martin Borrett Director of the IBM Institute for.

Published bySamantha Mosley Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2012 IBM Corporation IBM Security Systems 1 © 2012 IBM Corporation Cloud Security: Who do you trust? Martin Borrett Director of the IBM Institute for."— Presentation transcript:

1 © 2012 IBM Corporation IBM Security Systems 1 © 2012 IBM Corporation Cloud Security: Who do you trust? Martin Borrett Director of the IBM Institute for Advanced Security Europe

2 © 2012 IBM Corporation IBM Security Systems 2 This session aims to stimulate discussion and will consider three areas  What is different about cloud?  What are the new security challenges cloud introduces?  What can be done and what should be considered further?

3 © 2012 IBM Corporation IBM Security Systems 3 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing have become the most widely talked about inhibitor of widespread usage. To gain the trust of organizations, cloud services must deliver security and privacy expectations that meet or exceed what is available in traditional IT environments. The same way transformational technologies of the past overcame concerns – PCs, outsourcing, the Internet. Trust Traditional ITIn the Cloud Security and Privacy Expectations

4 © 2012 IBM Corporation IBM Security Systems 4 What is different about Cloud?

5 © 2012 IBM Corporation IBM Security Systems 5 Cloud Deployment/Delivery and Security Depending on an organization's readiness to adopt cloud, there are a wide array of deployment and delivery options

6 © 2012 IBM Corporation IBM Security Systems 6 What are the new security challenges cloud introduces?

7 © 2012 IBM Corporation IBM Security Systems 7 Different cloud deployment models also change the way we think about security Private cloudPublic cloud On or off premises cloud infrastructure operated solely for an organization and managed by the organization or a third party Available to the general public or a large industry group and owned by an organization selling cloud services. Hybrid IT Traditional IT and clouds (public and/or private) that remain separate but are bound together by technology that enables data and application portability − Customer responsibility for infrastructure − More customization of security controls − Good visibility into day-to-day operations − Easy to access to logs and policies − Applications and data remain “inside the firewall” − Provider responsibility for infrastructure − Less customization of security controls − No visibility into day-to-day operations − Difficult to access to logs and policies − Applications and data are publically exposed Changes in Security and Privacy

8 © 2012 IBM Corporation IBM Security Systems 8 Workloads may be at Different Levels of Cloud Readiness May not yet be ready for migration... Sensitive Data Highly Customized Not yet virtualized 3 rd party SW Complex processes & transactions Regulation sensitive Ready for Cloud New workloads made possible by clouds... Collaborative Care Medical Imaging Financial Risk Energy Management Analytics Infrastructure Storage Industry Applications Collaboration Workplace, Desktop & Devices Business Processes Disaster Recovery Development & Test Infrastructure Compute Information intensive Isolated workloads Mature workloads Pre- production systems Batch processing Market bias: Private cloud Public cloud

9 © 2012 IBM Corporation IBM Security Systems 9 Approaches to delivering security need to align with each phase of a client’s cloud project or initiative Design Deploy Consume Establish a cloud strategy and implementation plan to get there. Build cloud services, in the enterprise and/or as a cloud services provider. Manage and optimize consumption of cloud services. Example security capabilities  Cloud security roadmap  Secure development  Network threat protection  Server security  Database security  Application security  Virtualization security  Endpoint protection  Configuration and patch management  Identity and access management  Secure cloud communications  Managed security services Secure by Design Focus on building security into the fabric of the cloud. Workload Driven Secure cloud resources with innovative features and products. Service Enabled Govern the cloud through ongoing security operations and workflow. IBM Cloud Security Approach

10 © 2012 IBM Corporation IBM Security Systems 10 What can be done and what should be considered further?

11 © 2012 IBM Corporation IBM Security Systems 11 What can be done and what should be considered further?  Define a cloud strategy with security in mind –Identify the different workloads and how they need to interact. Which models are appropriate based on their security and trust requirements and the systems they need to interface to?  Identify the security measures needed –Using a framework such as the one IBM uses, the IBM Security Framework and Blueprint, allows teams to capture the measures that are needed in areas such as governance, architecture, applications and assurance.  Enabling security for the cloud. –The upfront set of assurance measures you will want to take. Assessing that the applications, infrastructure and other elements meet your security requirements, as well as operational security measures.

12 © 2012 IBM Corporation IBM Security Systems 12 ibm.com/security © Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Download ppt "© 2012 IBM Corporation IBM Security Systems 1 © 2012 IBM Corporation Cloud Security: Who do you trust? Martin Borrett Director of the IBM Institute for."

Similar presentations

IBM Industry Security Electric Sector Security Awareness Rising

IBM Industry Security Electric Sector Security Awareness Rising
© 2009 IBM Corporation iEA16 Defining and Aligning Requirements using System Architect and DOORs Paul W. Johnson CEO / President Pragmatica Innovations.

© 2009 IBM Corporation iEA16 Defining and Aligning Requirements using System Architect and DOORs Paul W. Johnson CEO / President Pragmatica Innovations.
RTC Agile Planning Component

RTC Agile Planning Component
® IBM Software Group © 2007 IBM Corporation Achieving Harmony IBM's Platform and Methodology for Systems Engineering and Embedded Software Development.

® IBM Software Group © 2007 IBM Corporation Achieving Harmony IBM's Platform and Methodology for Systems Engineering and Embedded Software Development.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Plan Introduction What is Cloud Computing?

Plan Introduction What is Cloud Computing?
® IBM Software Group © 2013 IBM Corporation Innovation for a smarter planet Timeboxes in a New Paradigm of Behavior Modeling Barclay Brown, ESEP IBM

® IBM Software Group © 2013 IBM Corporation Innovation for a smarter planet Timeboxes in a New Paradigm of Behavior Modeling Barclay Brown, ESEP IBM
© 2011 IBM Corporation Overview on Modeling RESTful Services August, 2011 Manoj Paul, Software Developer, Rational,

© 2011 IBM Corporation Overview on Modeling RESTful Services August, 2011 Manoj Paul, Software Developer, Rational,
© 2009 IBM Corporation Ian Shave IBM Systems and Technology Group A New Era in Midrange Storage.

© 2009 IBM Corporation Ian Shave IBM Systems and Technology Group A New Era in Midrange Storage.
Click to add text © 2012 IBM Corporation 1 Streams Toolkit Landscape InfoSphere Streams Version 3.0 Mike Branson Toolkits.

Click to add text © 2012 IBM Corporation 1 Streams Toolkit Landscape InfoSphere Streams Version 3.0 Mike Branson Toolkits.
“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)

“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM X-Force Threat Intelligence Quarterly 2Q 2014 Diana Kelley Executive Security.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM X-Force Threat Intelligence Quarterly 2Q 2014 Diana Kelley Executive Security.
® IBM Software Group © 2012 IBM Corporation OPTIM Data Studio – 3.1.1 Jon Sayles, IBM/Rational November, 2012.

® IBM Software Group © 2012 IBM Corporation OPTIM Data Studio – Jon Sayles, IBM/Rational November, 2012.
© 2014 IBM Corporation The insights to transform the business with speed and conviction Kevin Redmond Head of Information Management Central & Eastern.

© 2014 IBM Corporation The insights to transform the business with speed and conviction Kevin Redmond Head of Information Management Central & Eastern.
© 2009 IBM Corporation ® IBM Lotus Notes and Domino Product Roadmap April 2009.

© 2009 IBM Corporation ® IBM Lotus Notes and Domino Product Roadmap April 2009.
© 2012 IBM Corporation May 2012 Rational Token Licensing: Licensing Adaptable to Changing User Needs.

© 2012 IBM Corporation May 2012 Rational Token Licensing: Licensing Adaptable to Changing User Needs.
© 2009 IBM Corporation Select View/Master/Slide Master to add Session Number Here The Enterprise Architecture Workspace: Your Architecture Blueprint Martin.

© 2009 IBM Corporation Select View/Master/Slide Master to add Session Number Here The Enterprise Architecture Workspace: Your Architecture Blueprint Martin.
IBM ISPF Productivity Tool © 2008 IBM Corporation IBM ISPF Productivity Tool for z/OS V 5.10 More Than Just ISPF.

IBM ISPF Productivity Tool © 2008 IBM Corporation IBM ISPF Productivity Tool for z/OS V 5.10 More Than Just ISPF.
SAM for Virtualizatio n Presenter Name. Virtualization: a key priority for business decision makers Technavio forecasts that the global virtualization.

SAM for Virtualizatio n Presenter Name. Virtualization: a key priority for business decision makers Technavio forecasts that the global virtualization.

Similar presentations

Ads by Google