Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2014 IBM Corporation 1 IBM Security Systems Cloud Security Clouds can be secure IBM Security Systems April 2014.

Published byBuck Dixon Modified over 8 years ago

Similar presentations

Presentation on theme: "© 2014 IBM Corporation 1 IBM Security Systems Cloud Security Clouds can be secure IBM Security Systems April 2014."— Presentation transcript:

1 © 2014 IBM Corporation 1 IBM Security Systems Cloud Security Clouds can be secure IBM Security Systems April 2014

2 © 2014 IBM Corporation 2 IBM Security Systems Cloud Security Motivations and sophistication are rapidly evolving National Security Nation-state actors Stuxnet Espionage, Activism Competitors and Hacktivists Aurora Monetary Gain Organized crime Zeus Revenge, Curiosity Insiders and Script-kiddies Code Red

3 © 2014 IBM Corporation 3 IBM Security Systems Cloud Security Source: IBM X-Force ® Research 2011 Trend and Risk Report Attack Type SQL Injection URL Tampering Spear Phishing 3 rd Party Software DDoS SecureID Trojan Software Unknown JanFebMarAprMayJunJulAugSepOctNovDec 2011 Sampling of Security Incidents by Attack Type, Time and Impact Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses Reported attacks continue to increase Marketing Services Online Gaming Central Government Gaming Internet Services Online Gaming Online Services Online Gaming IT Security BankingIT Security Government Consulting IT Security Tele- communic ations Enter- tainment Consumer Electronics Agriculture Apparel Insurance Consulting Consumer Electronics Internet Services Central Govt Entertainment Defense Consumer Electronics Central Government Consumer Electronics National Police State Police Police Gaming Financial Market Online Services Consulting Defense Heavy Industry Entertainment Banking Size of circle estimates relative impact of breach in terms of cost to business Source: IBM X-Force ® Research 2013 Trend and Risk Report 2013 Sampling of Security Incidents by Attack Type, Time and Impact Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses

4 © 2014 IBM Corporation 4 IBM Security Systems Cloud Security Security remains #1 inhibitor to broad scale cloud adoption 4 2012 Cloud Computing – Key Trends and Future Effects – IDG

5 © 2014 IBM Corporation 5 IBM Security Systems Cloud Security... Cloud adoption tests the limits of managing security and risk People Application Infrastructure Data Governance, Risk and Compliance Security and Privacy Domains Privileged, Federated identity Moving data to dedicated vs shared Audit silos, compliance controls Software defined environments Rapid application composition & APIs To the Cloud Self-Service Highly Virtualized Location Independence Workload Automation Rapid Elasticity Standardization Access expands Perimeters disappear Responsibilities change Control shifts App delivery speeds up Visibility decreases In the Cloud Affects all aspects of IT security

6 © 2014 IBM Corporation 6 IBM Security Systems Cloud Security Cloud computing changes the way we think about security Private cloudPublic cloud. Hybrid IT  High multi-tenancy and data separation  Image management and compliance  Security of the virtual / hypervisor layer  Virtual network visibility  Need for Service Level Agreements (SLAs)  Provider responsibility for infrastructure  Customization of security controls  Visibility into day-to-day operations  Access to logs and policies  Public exposure of applications and data Changes in Security, Privacy, and Control Security responsibility and control passes from consumer to provider, presenting unique challenges

7 © 2014 IBM Corporation 7 IBM Security Systems Cloud Security Proactive defense with Security intelligence Integrated solutions across domains for a unified view Scalable and Open Standards based Security across all domains of identity, Applications, Data & Infrastructure IBM Cloud security differentiation

8 © 2014 IBM Corporation 8 IBM Security Systems Cloud Security Cloud is an opportunity for enhanced security Manage your risk across cloud apps, services Establish your risk posture Protect your data Know your user Gain assurance of your apps Protect against threats and fraud 1 2 3 4 5 Professional, Managed, and Cloud Services

9 © 2014 IBM Corporation 9 IBM Security Systems Cloud Security IBM Cloud Security Intelligence capabilities Security Intelligence Administer, secure, and extend identity and access to and from the Cloud Secure enterprise databases Build, test and maintain secure Cloud applications Prevent advanced threats with layered protection and analytics Identity Protection Data and Application Protection Threat Protection 13-04-02 Activity baselining & anomaly identification Correlation Offense Identification Credibility Severity Relevance Correlation Logs / events Flows IP reputation Geographic location User activity Database activity Application activity Network Activity 1 2 3 4 5

10 © 2014 IBM Corporation 10 IBM Security Systems Cloud Security Security Intelligence helps establish a view of risk posture What are the external and internal threats? Are we configured to protect against these threats? What is happening right now? What was the impact? 1

11 © 2014 IBM Corporation 11 IBM Security Systems Cloud Security Data security is an ongoing process Find sensitive data Prevent unauthorized activities Secure the repository Discovery Classification Identity Access Mgmt Activity Monitoring Blocking Quarantine Masking Encryption Assessment Masking/Encryption How can I check for vulnerabilities? Where is my sensitive data? Control access Protect sensitive data How to prevent unauthorized access? Record events Who is using it? How often? How can I produce activity reports? How to can I avoid sending sensitive data to the Cloud? How do I encrypt data and protect hypervisors and virtual machines? How do I find my data in a SaaS environment? How do I report on images for public clouds? 2  123XJE DiscoverHardenMonitorBlockMask

12 © 2014 IBM Corporation 12 IBM Security Systems Cloud Security Enable user access to cloud services & integrate identity into cloud apps  Identity federation to Cloud applications  Governance of employee access to Cloud, SaaS apps  Traditional identity vendors and niche vendors offer SaaS federation Consumers Form login OAuth SAML Login 3 Identity Federation Login Employees Public Cloud Private Cloud

13 © 2014 IBM Corporation 13 IBM Security Systems Cloud Security Security should be part of the design, not an afterthought Development Integrations Deployment 4 Application security and assurance framework Scan Applications Rank and Validate Applications Deploy Applications Adopt secure engineering practices by scanning application source code as part of development lifecycle Gain a view of risk posture of deployed applications based on dynamic analysis of applications at runtime Deploy cloud, web and mobile applications with confidence and informed view of risk

14 © 2014 IBM Corporation 14 IBM Security Systems Cloud Security Provide integrated threat protection for the Cloud Infrastructure Users 1 3 2 Helping protect customers with advanced threat prevention at the network layer ‒ by strengthening and integrating network security, analytics and threat Intelligence capabilities Advanced Threat Protection Platform Providing packet, content, file and session inspection to stop threats from entering the corporate network Security Intelligence Platform Tight integration between Network Security products, X-Force intelligence feeds, and QRadar SIEM product with purpose-built QRadar analytics and reporting for threat detection and remediation X-Force Threat Intelligence Threat intelligence feeds and feedback loops leveraging Cobion web and email filtering data, Managed Security Services data sets, and expanding into botnet, IP reputation 5 1 2 3

15 © 2014 IBM Corporation 15 IBM Security Systems Cloud Security Industry analysts rank IBM Security as leading the market DomainMarket Segment / Report Security Analyst Report Rankings Gartner Magic Quadrant Forrester Wave IDC Market Share Security Intelligence Security Information and Event Management (SIEM) Leader 2013 Leader 2011 Anti-FraudWeb Fraud Detection Leader 2013 People Identity and Access Governance Challenger 2013 Leader 2013 User Provisioning and Administration Leader 2013 Role Management and Access Recertification Contender 2011 Web Access Management (WAM) Leader 2013 MarketScope Data Database Auditing and Real-Time Protection Leader 2011 Data Masking Leader 2013 ApplicationsApplication Security Testing (dynamic and static) Leader 2013 Leader 2013 Infrastructure Network Intrusion Prevention Systems (NIPS) Challenger 2012 EndPoint Protection Platforms (EPP) Visionary 2013 Strong Performer 2013 Services Managed Security Services (MSS) Leader 2012 Leader 2012 Information Security Consulting Services Leader 2013 Report not available Note: Rankings compiled from latest available analyst reports as of July, 2013

16 © 2014 IBM Corporation 16 IBM Security Systems Cloud Security  109,000 IBM employees use Blue Insight, the world’s largest business analytics private cloud.  1,800 IBM marketers across 6 continents utilize IBM cloud-based Marketing Operations daily.  6,000 IBM users of Blueworks Live to improve internal business processes  200 million minutes of IBM web conferencing with LotusLive Meetings.  Avoiding over $20M in expenses over 5 years with our private analytics cloud  1,200 users in IBM China development labs, plus IBM Call Center teams in the United States and India, have migrated to a desktop cloud environment. 16 © 2012 IBM Corporation IBM’s internal use of secure cloud computing extends across the entire organization and transformed the business on multiple levels

17 © 2014 IBM Corporation 17 IBM Security Systems Cloud Security Client Success – Improved visibility in the cloud Large cloud service provider needed: Incorporating intelligence and an integrated risk-based approach across the enterprise IBM Security Solution IBM Security QRadar SIEM Business Value Scales to large volumes User friendly reporting Quick search and review of logs Reasonable cost of ownership Improved security and visibility into virtual Infrastructure Better visibility into sensors logs from across the environment Support for ad hoc search across large data sets

18 © 2014 IBM Corporation 18 IBM Security Systems Cloud Security Client Success – Improved access management toward a secure and resilient private cloud An innovative, simulation-driven design solutions engineering company needed: IBM Solutions IBM Security Virtual Server Protection for VMware IBM Security Federated Identity Manager Business Value Reduces costs, improves security and disaster resiliency Improves flexibility and scalability and reduces risk A unified access solution to manage servers located in multiple offices Flexibility and efficiencies of cloud computing, while not comprising security and resiliency of the existing services Enables EXA to offer secure cloud-based services to its customers with confidence "Besides the cost reduction, one major advantage is that we will be able to offer cloud- based services for our customers with confidence.“ Mr. Masaru Ito, Sales and Business Planning Leader, Cloud Services Division, EXA Corporation

19 © 2014 IBM Corporation 19 IBM Security Systems Cloud Security Client Success – French energy company securing access to public clouds Client required secure access using a centralized identity management solution to public SaaS applications – including Google Apps and Salesforce.com IBM Solutions IBM Federated Identity Manager and IBM Identity Manager hosted by IBM Business Value Secure, worldwide access to Software as a Service applications Flexibility and confidence that will scale to meet a growing business, whilst reducing risk Provided strong authentication solution for secure access to the cloud infrastructure and provisioning and de- provision of users in the cloud providers registry

20 © 2014 IBM Corporation 20 IBM Security Systems Cloud Security Cloud Standards Customer Council (CSCC) Global membership - over 350 companies participating http://www.cloud-council.org/ Future standards ….ISO27017 is being developed to supplement ISO27001/27002 security control standards with controls that are specific to cloud computing model. Publication likely mid 2013

21 © 2014 IBM Corporation 21 IBM Security Systems Cloud Security Own the security agenda for innovation Embed security on day one Leverage cloud, mobile, social, and big data to improve security Develop a risk-aware security strategy Deploy a systematic approach to security Harness the knowledge of professionals Use intelligence and anomaly detection across every domain Build an intelligence vault around your crown jewels Prepare your response for the inevitable IBM helps customers thwart attackers and seize new opportunities Develop an integrated approach to stay ahead of the threat Proactively implement and optimize security to innovate faster Use insights and analytics to build smarter defenses

22 © 2014 IBM Corporation 22 IBM Security Systems Cloud Security 22 ibm.com/smartcloud © 2012 IBM Corporation

Download ppt "© 2014 IBM Corporation 1 IBM Security Systems Cloud Security Clouds can be secure IBM Security Systems April 2014."

Similar presentations

THE BUSINESS NEED Create affordable alternative/ provide enterprise power/capability for any-sized company Reduce resource-draining burden of meeting.

THE BUSINESS NEED Create affordable alternative/ provide enterprise power/capability for any-sized company Reduce resource-draining burden of meeting.
IBM DEVELOP, NETWORK, PROMOTE & GROW Cloud Transformation: What are the risks, pitfalls and challenges to be addressed? Steve Strutt, CTO Cloud Computing,

IBM DEVELOP, NETWORK, PROMOTE & GROW Cloud Transformation: What are the risks, pitfalls and challenges to be addressed? Steve Strutt, CTO Cloud Computing,
Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Next Generation Monitoring in Cisco Security Cloud Leon De Jager and Nitin.

Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Next Generation Monitoring in Cisco Security Cloud Leon De Jager and Nitin.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.

Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
IBM Security A New Era of Security for a New Era of Computing Pelin Konakcı IBM Security Software Sales Leader.

IBM Security A New Era of Security for a New Era of Computing Pelin Konakcı IBM Security Software Sales Leader.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.
Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.

Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.
Cloud Attributes Business Challenges Influence Your IT Solutions Business to IT Conversation Microsoft is Changing too Supporting System Center In House.

Cloud Attributes Business Challenges Influence Your IT Solutions Business to IT Conversation Microsoft is Changing too Supporting System Center In House.
Office 365: Efficient Cloud Solutions Wednesday March 12, 9AM Chaz Vossburg / Gabe Laushbaugh.

Office 365: Efficient Cloud Solutions Wednesday March 12, 9AM Chaz Vossburg / Gabe Laushbaugh.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
IT-Partners Limited © 2011 IT Partners Limited Y OUR IT SOLUTION P ARTNERS Managing Director Confidential Data Loss Prevention Sunny Ho 1.

IT-Partners Limited © 2011 IT Partners Limited Y OUR IT SOLUTION P ARTNERS Managing Director Confidential Data Loss Prevention Sunny Ho 1.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Copyright 2009 Trend Micro Inc. OfficeScan 10.5 VDI-aware endpoint security.

Copyright 2009 Trend Micro Inc. OfficeScan 10.5 VDI-aware endpoint security.
© 2009 IBM Corporation Delivering Quality Service with IBM Service Management April 13 th, 2009.

© 2009 IBM Corporation Delivering Quality Service with IBM Service Management April 13 th, 2009.
© 2010 IBM Corporation Cloudy with a chance of security Information security in virtual environments Johan Celis Security Solutions Architect EMEA IBM.

© 2010 IBM Corporation Cloudy with a chance of security Information security in virtual environments Johan Celis Security Solutions Architect EMEA IBM.
© 2011 IBM Corporation Smarter Software for a Smarter Planet The Capabilities of IBM Software Borislav Borissov SWG Manager, IBM.

© 2011 IBM Corporation Smarter Software for a Smarter Planet The Capabilities of IBM Software Borislav Borissov SWG Manager, IBM.

Similar presentations

Ads by Google