SlideShare uma empresa Scribd logo

Strategies for assessing cloud security

IBM India Smarter Computing
IBM India Smarter Computing
TecnologiaNegócios
1 de 6
Baixar para ler offline
IBM Global Technology Services November 2010 Thought Leadership White Paper Strategies for assessing cloud security
2 Securing the cloud: from strategy development to ongoing assessment Executive summary compliance. Even if IT workloads are transitioned to the Cloud computing provides flexible, cost-effective delivery of cloud, users are still responsible for compliance and data secu- business or consumer IT services over the Internet. Cloud rity. As a result, subscribers must establish trust relationships resources can be rapidly deployed and easily scaled, with all with their cloud providers and understand the risk posed by processes, applications, and services provisioned on demand, public and/or private cloud computing environments. regardless of the user location or device. As a result, cloud computing helps organizations improve service delivery, Security challenges in the cloud—the streamline IT management and better align IT services with need for a trusted third party evaluation dynamic business requirements. Cloud computing can also One of the most significant differences between cloud simultaneously support core business functions and provide security and traditional IT security stems from the sharing of capacity for new and innovative services. infrastructure on a massive scale. Users spanning different cor- porations and trust levels often interact with the same set of Both public and private cloud models, or a hybrid approach computing resources. And public cloud services are increas- using both models, are now in use. Available to anyone with ingly being offered by a chain of providers—all storing and Internet access, public clouds are acquired as a service and processing data externally in multiple unspecified locations. paid for on a per-usage basis or by subscription. Private clouds are owned and used by a single organization. They offer many Inside the cloud, it is difficult to physically locate where data is of the same benefits as public clouds, but give the owner stored. Security processes that were once visible are now hid- greater flexibility and control. den behind layers of abstraction. This lack of visibility can cause concerns about data exposure and compromise, service Although the benefits of cloud computing are clear, so is the reliability, ability to demonstrate compliance and meet SLAs, need to develop proper security for cloud implementations— and overall security management. whether public or private. Embracing cloud computing with- out adequate security controls can place the entire IT Visibility can be especially critical for compliance. The infrastructure at risk. Cloud computing introduces another Sarbanes-Oxley Act, the Health Insurance Portability and level of risk because essential services are often outsourced to Accountability Act (HIPAA), European privacy laws, and many a third party, making it harder to maintain data integrity and privacy, support data and service availability, and demonstrate
IBM Global Technology Services 3 other regulations require comprehensive auditing capabilities. Developing a strategic cloud security Many public clouds may indeed be a black box to the sub- roadmap with IBM scriber, thus clients may not be able to demonstrate compli- There is no one-size-fits-all model for security in the cloud. ance. (A private or hybrid cloud, on the other hand, can be Organizations have different security requirements that are configured to meet those requirements.) determined by the unique characteristics of the business work- load they intend to migrate to the cloud or the services they In addition, providers are sometimes required to support are providing from their cloud. It is important when evaluat- third-party audits, or support e-Discovery initiatives and ing risk in a cloud computing model, that a cloud security forensic investigations. This adds even more importance to strategy be developed. maintaining proper visibility into the cloud. Legal discovery of a co-tenant’s data may affect the confidentiality of other ten- By partnering with IBM, clients can benefit from proven ants’ data if the data is not properly segmented. This may assessment methodologies and best practices that help mean that some sensitive data may not be appropriate for cer- ensure consistent, reliable results. They can also leverage com- tain cloud environments. prehensive frameworks that address enterprise cloud strategy, implementation and management in a holistic approach that Organizations considering cloud-based services must under- maximizes the business value of cloud investments while mini- stand the associated risks and ensure appropriate visibility. mizing business risk. IBM guidelines for securing cloud implementations focus on the following areas: Defining business and IT strategy The first step to understanding security risks posed by a cloud ● Building a security program computing model is to analyze business and IT strategies. ● Confidential data protection What is the value of the information that will be stored, ● Implementing strong access and identity accessed and transmitted via the cloud? Is it business critical ● Application provisioning and de-provisioning and/or confidential? Is it subject to regulatory compliance? ● Governance audit management Clients must also consider availability requirements. After ● Vulnerability management determining the business and IT strategy and evaluating the ● Testing and validation data, clients can make a more informed, risk-based decision about which cloud computing model to pursue. Because cloud computing is available in several service models (and hybrids of these models), each presents different levels of responsibility for security management. Trusted third parties can help companies apply cloud security best practices to their specific business needs.
4 Securing the cloud: from strategy development to ongoing assessment Identifying the risks The IBM cloud security assessment reviews cloud architecture Each type of cloud—public, private and hybrid—carries a from a security standpoint, including policies and processes for different level of IT security risk. Security experts from data access and storage. IBM security experts assess the cur- IBM can help clients identify the vulnerabilities, threats and rent state of cloud security against best practices, and against other values at risk based on public, private or hybrid cloud providers’ own security objectives. Security requirements and architecture. From there, IBM will work with clients to design best practices criteria is based on unique characteristics of the initial mechanisms and controls to mitigate risk, and outline subject cloud, including workload, trust level of end users, the maintenance and testing procedures that will help ensure data protection requirements and more. For example, clouds ongoing risk mitigation. supporting email will have different security requirements than those supporting electronic Protected Health Documenting the plan Information (ePHI). IBM clients will benefit from a documented roadmap address- ing cloud security strategy. The plan should identify the types A gap assessment against security objectives and best practices of workloads or applications that are candidates for cloud will reveal strengths and weaknesses of the current security computing and should account for the legal, regulatory and architecture and processes. IBM experts will provide recom- security requirements. IBM will work with clients to plan for mendations for improvements and continuous security compensating controls to mitigate perceived risks, including measures to bridge the gaps. These can include the use of how to address identity and access management, and how to additional network security controls, modifications to existing balance security controls between the cloud provider and the security policies and procedures, implementation of new iden- subscriber. tity and access management controls, acquisition of managed security services for offloading critical security management Assessing cloud security with IBM tasks, or any number of other remediation steps. In addition to developing a strategy for cloud security, IBM can perform a cloud security assessment for public or In addition to a thorough review of the cloud security pro- private cloud offerings. This service can provide helpful due gram, IBM advises steady state technical testing of the cloud’s diligence for cloud providers, or help subscribers understand network infrastructure and supporting applications via remote the security posture of their provider’s cloud. penetration and application testing. This provides a “hacker’s eye” view of cloud components and provides insight into how cloud security weaknesses can significantly impact data and information protection.
IBM Global Technology Services 5 Why IBM? security services that enable a business-driven approach to To fully benefit from cloud computing, clients must ensure securing your cloud computing as well as your physical IT that data, applications and systems are properly secured so that environments. cloud infrastructure won’t expose the organization to risk. Cloud computing has the usual requirements of traditional IT IBM’s capabilities empower you to dynamically monitor and security, though it presents an added level of risk because of quantify security risks, enabling you to better: the external aspects of a cloud model. This can make it more difficult to maintain data integrity and privacy, support data ● Understand threats and vulnerabilities in terms of business and service availability, and demonstrate compliance. impact, ● Respond to security events with security controls that opti- Assessing the risks associated with cloud computing, such as mize business results, data integrity, recovery, privacy, and tenant isolation is critical ● Prioritize and balance your security investments. to the adoption of cloud technologies. These risks call for automated end-to-end security with a heavier emphasis on IBM also securely operates its own public clouds, including strong isolation, integrity and resiliency in order to provide IBM LotusLive™. IBM continuously invests in research and visibility, control and automation across the cloud computing development of stronger isolation at all levels of the network, infrastructure. server, hypervisor, process and storage infrastructure to sup- port massive multitenancy while mitigating risk. IBM helps clients put risk management strategies into action by transforming security from a cost of doing business to a Through world-class solutions that address risk across all way to improve the business. IBM draws from a broad portfo- aspects of your business, IBM is able to help you create an lio of consulting services, software and hardware and managed intelligent infrastructure that drives down costs, is secure, and is just as dynamic as today’s business climate. IBM cloud secu- rity solutions and services build on the strong foundation of the IBM security framework to extend benefits from tradi- tional IT environments to cloud computing environments.
For more information To learn more about the IBM Cloud Security Services, please contact your IBM marketing representative or IBM Business Partner, or visit the following website: ibm.com/cloud Additionally, financing solutions from IBM Global Financing © Copyright IBM Corporation 2010 Route 100 can enable effective cash management, protection from tech- Somers, NY 10589 U.S.A. nology obsolescence, improved total cost of ownership and Produced in the United States of America return on investment. Also, our Global Asset Recovery November 2010 Services help address environmental concerns with new, All Rights Reserved more energy-efficient solutions. For more information on IBM, the IBM logo, ibm.com and LotusLive are trademarks or IBM Global Financing, visit: ibm.com/financing registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Other company, product or service names may be trademarks or service marks of others. Please Recycle SEW03022-USEN-01

Recomendados

Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
inventionjournals
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challenges
bornresearcher
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Symosis Security (Previously C-Level Security)
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the Cloud
Epoch Universal, Inc.
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the Cloud
CloudSmartz
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET Journal
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
IJIR JOURNALS IJIRUSA
 
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET Journal
 

Recomendados

Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
inventionjournals
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challenges
bornresearcher
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Symosis Security (Previously C-Level Security)
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the Cloud
Epoch Universal, Inc.
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the Cloud
CloudSmartz
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET Journal
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
IJIR JOURNALS IJIRUSA
 
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET Journal
 
International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4
sophiabelthome
 
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET Journal
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Kresimir Popovic
 
Data Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentData Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud Environment
IOSR Journals
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
IJIR JOURNALS IJIRUSA
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile security
JAYANT RAJURKAR
 
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
IJCNCJournal
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
IJERA Editor
 
Various Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud ComputingVarious Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud Computing
INFOGAIN PUBLICATION
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
NJVC, LLC
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to audit
Bob Rhubart
 
Security in a Virtualised Computing
Security in a Virtualised ComputingSecurity in a Virtualised Computing
Security in a Virtualised Computing
IOSR Journals
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructure
Ericsson
 
CLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEWCLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEW
Journal For Research
 
An study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computingAn study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computing
ijsrd.com
 
Cloud Audit and Compliance
Cloud Audit and ComplianceCloud Audit and Compliance
Cloud Audit and Compliance
Quadrisk
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET Journal
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
Matthew Rosenquist
 
CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overview
Peter HJ van Eijk
 
The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxThe Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docx
cherry686017
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
David Spinks
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and Services
IOSR Journals
 

Mais conteúdo relacionado

Mais procurados

Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Kresimir Popovic
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile security
JAYANT RAJURKAR
 
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
IJCNCJournal
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
IJERA Editor
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
NJVC, LLC
 
An study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computingAn study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computing
ijsrd.com
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
Matthew Rosenquist
 

Mais procurados (19)

International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4
 
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Data Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentData Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud Environment
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile security
 
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
 
Various Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud ComputingVarious Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud Computing
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to audit
 
Security in a Virtualised Computing
Security in a Virtualised ComputingSecurity in a Virtualised Computing
Security in a Virtualised Computing
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructure
 
CLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEWCLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEW
 
An study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computingAn study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computing
 
Cloud Audit and Compliance
Cloud Audit and ComplianceCloud Audit and Compliance
Cloud Audit and Compliance
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
 
CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overview
 

Semelhante a Strategies for assessing cloud security

The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxThe Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docx
cherry686017
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
David Spinks
 
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
AJASTJournal
 
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
AJASTJournal
 
A Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesA Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust Issues
IJCSIS Research Publications
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
IJERD Editor
 

Semelhante a Strategies for assessing cloud security (20)

The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxThe Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docx
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and Services
 
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
 
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
cloud1_aggy.pdf
cloud1_aggy.pdfcloud1_aggy.pdf
cloud1_aggy.pdf
 
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
 
A Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesA Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust Issues
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital Forensic
 
Cloud computing risk assesment report
Cloud computing risk assesment reportCloud computing risk assesment report
Cloud computing risk assesment report
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
 
chapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptxchapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptx
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar report
 
3822424.ppt
3822424.ppt3822424.ppt
3822424.ppt
 
Cloud computing-overview
Cloud computing-overviewCloud computing-overview
Cloud computing-overview
 
Cloud computing-overview
Cloud computing-overviewCloud computing-overview
Cloud computing-overview
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
 

Mais de IBM India Smarter Computing

Mais de IBM India Smarter Computing (20)

Using the IBM XIV Storage System in OpenStack Cloud Environments
Using the IBM XIV Storage System in OpenStack Cloud Environments Using the IBM XIV Storage System in OpenStack Cloud Environments
Using the IBM XIV Storage System in OpenStack Cloud Environments
 
All-flash Needs End to End Storage Efficiency
All-flash Needs End to End Storage EfficiencyAll-flash Needs End to End Storage Efficiency
All-flash Needs End to End Storage Efficiency
 
TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...
TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...
TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...
 
IBM FlashSystem 840 Product Guide
IBM FlashSystem 840 Product GuideIBM FlashSystem 840 Product Guide
IBM FlashSystem 840 Product Guide
 
IBM System x3250 M5
IBM System x3250 M5IBM System x3250 M5
IBM System x3250 M5
 
IBM NeXtScale nx360 M4
IBM NeXtScale nx360 M4IBM NeXtScale nx360 M4
IBM NeXtScale nx360 M4
 
IBM System x3650 M4 HD
IBM System x3650 M4 HDIBM System x3650 M4 HD
IBM System x3650 M4 HD
 
IBM System x3300 M4
IBM System x3300 M4IBM System x3300 M4
IBM System x3300 M4
 
IBM System x iDataPlex dx360 M4
IBM System x iDataPlex dx360 M4IBM System x iDataPlex dx360 M4
IBM System x iDataPlex dx360 M4
 
IBM System x3500 M4
IBM System x3500 M4IBM System x3500 M4
IBM System x3500 M4
 
IBM System x3550 M4
IBM System x3550 M4IBM System x3550 M4
IBM System x3550 M4
 
IBM System x3650 M4
IBM System x3650 M4IBM System x3650 M4
IBM System x3650 M4
 
IBM System x3500 M3
IBM System x3500 M3IBM System x3500 M3
IBM System x3500 M3
 
IBM System x3400 M3
IBM System x3400 M3IBM System x3400 M3
IBM System x3400 M3
 
IBM System x3250 M3
IBM System x3250 M3IBM System x3250 M3
IBM System x3250 M3
 
IBM System x3200 M3
IBM System x3200 M3IBM System x3200 M3
IBM System x3200 M3
 
IBM PowerVC Introduction and Configuration
IBM PowerVC Introduction and ConfigurationIBM PowerVC Introduction and Configuration
IBM PowerVC Introduction and Configuration
 
A Comparison of PowerVM and Vmware Virtualization Performance
A Comparison of PowerVM and Vmware Virtualization PerformanceA Comparison of PowerVM and Vmware Virtualization Performance
A Comparison of PowerVM and Vmware Virtualization Performance
 
IBM pureflex system and vmware vcloud enterprise suite reference architecture
IBM pureflex system and vmware vcloud enterprise suite reference architectureIBM pureflex system and vmware vcloud enterprise suite reference architecture
IBM pureflex system and vmware vcloud enterprise suite reference architecture
 
X6: The sixth generation of EXA Technology
X6: The sixth generation of EXA TechnologyX6: The sixth generation of EXA Technology
X6: The sixth generation of EXA Technology
 

Último

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Último (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 

Strategies for assessing cloud security

  • 1. IBM Global Technology Services November 2010 Thought Leadership White Paper Strategies for assessing cloud security
  • 2. 2 Securing the cloud: from strategy development to ongoing assessment Executive summary compliance. Even if IT workloads are transitioned to the Cloud computing provides flexible, cost-effective delivery of cloud, users are still responsible for compliance and data secu- business or consumer IT services over the Internet. Cloud rity. As a result, subscribers must establish trust relationships resources can be rapidly deployed and easily scaled, with all with their cloud providers and understand the risk posed by processes, applications, and services provisioned on demand, public and/or private cloud computing environments. regardless of the user location or device. As a result, cloud computing helps organizations improve service delivery, Security challenges in the cloud—the streamline IT management and better align IT services with need for a trusted third party evaluation dynamic business requirements. Cloud computing can also One of the most significant differences between cloud simultaneously support core business functions and provide security and traditional IT security stems from the sharing of capacity for new and innovative services. infrastructure on a massive scale. Users spanning different cor- porations and trust levels often interact with the same set of Both public and private cloud models, or a hybrid approach computing resources. And public cloud services are increas- using both models, are now in use. Available to anyone with ingly being offered by a chain of providers—all storing and Internet access, public clouds are acquired as a service and processing data externally in multiple unspecified locations. paid for on a per-usage basis or by subscription. Private clouds are owned and used by a single organization. They offer many Inside the cloud, it is difficult to physically locate where data is of the same benefits as public clouds, but give the owner stored. Security processes that were once visible are now hid- greater flexibility and control. den behind layers of abstraction. This lack of visibility can cause concerns about data exposure and compromise, service Although the benefits of cloud computing are clear, so is the reliability, ability to demonstrate compliance and meet SLAs, need to develop proper security for cloud implementations— and overall security management. whether public or private. Embracing cloud computing with- out adequate security controls can place the entire IT Visibility can be especially critical for compliance. The infrastructure at risk. Cloud computing introduces another Sarbanes-Oxley Act, the Health Insurance Portability and level of risk because essential services are often outsourced to Accountability Act (HIPAA), European privacy laws, and many a third party, making it harder to maintain data integrity and privacy, support data and service availability, and demonstrate
  • 3. IBM Global Technology Services 3 other regulations require comprehensive auditing capabilities. Developing a strategic cloud security Many public clouds may indeed be a black box to the sub- roadmap with IBM scriber, thus clients may not be able to demonstrate compli- There is no one-size-fits-all model for security in the cloud. ance. (A private or hybrid cloud, on the other hand, can be Organizations have different security requirements that are configured to meet those requirements.) determined by the unique characteristics of the business work- load they intend to migrate to the cloud or the services they In addition, providers are sometimes required to support are providing from their cloud. It is important when evaluat- third-party audits, or support e-Discovery initiatives and ing risk in a cloud computing model, that a cloud security forensic investigations. This adds even more importance to strategy be developed. maintaining proper visibility into the cloud. Legal discovery of a co-tenant’s data may affect the confidentiality of other ten- By partnering with IBM, clients can benefit from proven ants’ data if the data is not properly segmented. This may assessment methodologies and best practices that help mean that some sensitive data may not be appropriate for cer- ensure consistent, reliable results. They can also leverage com- tain cloud environments. prehensive frameworks that address enterprise cloud strategy, implementation and management in a holistic approach that Organizations considering cloud-based services must under- maximizes the business value of cloud investments while mini- stand the associated risks and ensure appropriate visibility. mizing business risk. IBM guidelines for securing cloud implementations focus on the following areas: Defining business and IT strategy The first step to understanding security risks posed by a cloud ● Building a security program computing model is to analyze business and IT strategies. ● Confidential data protection What is the value of the information that will be stored, ● Implementing strong access and identity accessed and transmitted via the cloud? Is it business critical ● Application provisioning and de-provisioning and/or confidential? Is it subject to regulatory compliance? ● Governance audit management Clients must also consider availability requirements. After ● Vulnerability management determining the business and IT strategy and evaluating the ● Testing and validation data, clients can make a more informed, risk-based decision about which cloud computing model to pursue. Because cloud computing is available in several service models (and hybrids of these models), each presents different levels of responsibility for security management. Trusted third parties can help companies apply cloud security best practices to their specific business needs.
  • 4. 4 Securing the cloud: from strategy development to ongoing assessment Identifying the risks The IBM cloud security assessment reviews cloud architecture Each type of cloud—public, private and hybrid—carries a from a security standpoint, including policies and processes for different level of IT security risk. Security experts from data access and storage. IBM security experts assess the cur- IBM can help clients identify the vulnerabilities, threats and rent state of cloud security against best practices, and against other values at risk based on public, private or hybrid cloud providers’ own security objectives. Security requirements and architecture. From there, IBM will work with clients to design best practices criteria is based on unique characteristics of the initial mechanisms and controls to mitigate risk, and outline subject cloud, including workload, trust level of end users, the maintenance and testing procedures that will help ensure data protection requirements and more. For example, clouds ongoing risk mitigation. supporting email will have different security requirements than those supporting electronic Protected Health Documenting the plan Information (ePHI). IBM clients will benefit from a documented roadmap address- ing cloud security strategy. The plan should identify the types A gap assessment against security objectives and best practices of workloads or applications that are candidates for cloud will reveal strengths and weaknesses of the current security computing and should account for the legal, regulatory and architecture and processes. IBM experts will provide recom- security requirements. IBM will work with clients to plan for mendations for improvements and continuous security compensating controls to mitigate perceived risks, including measures to bridge the gaps. These can include the use of how to address identity and access management, and how to additional network security controls, modifications to existing balance security controls between the cloud provider and the security policies and procedures, implementation of new iden- subscriber. tity and access management controls, acquisition of managed security services for offloading critical security management Assessing cloud security with IBM tasks, or any number of other remediation steps. In addition to developing a strategy for cloud security, IBM can perform a cloud security assessment for public or In addition to a thorough review of the cloud security pro- private cloud offerings. This service can provide helpful due gram, IBM advises steady state technical testing of the cloud’s diligence for cloud providers, or help subscribers understand network infrastructure and supporting applications via remote the security posture of their provider’s cloud. penetration and application testing. This provides a “hacker’s eye” view of cloud components and provides insight into how cloud security weaknesses can significantly impact data and information protection.
  • 5. IBM Global Technology Services 5 Why IBM? security services that enable a business-driven approach to To fully benefit from cloud computing, clients must ensure securing your cloud computing as well as your physical IT that data, applications and systems are properly secured so that environments. cloud infrastructure won’t expose the organization to risk. Cloud computing has the usual requirements of traditional IT IBM’s capabilities empower you to dynamically monitor and security, though it presents an added level of risk because of quantify security risks, enabling you to better: the external aspects of a cloud model. This can make it more difficult to maintain data integrity and privacy, support data ● Understand threats and vulnerabilities in terms of business and service availability, and demonstrate compliance. impact, ● Respond to security events with security controls that opti- Assessing the risks associated with cloud computing, such as mize business results, data integrity, recovery, privacy, and tenant isolation is critical ● Prioritize and balance your security investments. to the adoption of cloud technologies. These risks call for automated end-to-end security with a heavier emphasis on IBM also securely operates its own public clouds, including strong isolation, integrity and resiliency in order to provide IBM LotusLive™. IBM continuously invests in research and visibility, control and automation across the cloud computing development of stronger isolation at all levels of the network, infrastructure. server, hypervisor, process and storage infrastructure to sup- port massive multitenancy while mitigating risk. IBM helps clients put risk management strategies into action by transforming security from a cost of doing business to a Through world-class solutions that address risk across all way to improve the business. IBM draws from a broad portfo- aspects of your business, IBM is able to help you create an lio of consulting services, software and hardware and managed intelligent infrastructure that drives down costs, is secure, and is just as dynamic as today’s business climate. IBM cloud secu- rity solutions and services build on the strong foundation of the IBM security framework to extend benefits from tradi- tional IT environments to cloud computing environments.
  • 6. For more information To learn more about the IBM Cloud Security Services, please contact your IBM marketing representative or IBM Business Partner, or visit the following website: ibm.com/cloud Additionally, financing solutions from IBM Global Financing © Copyright IBM Corporation 2010 Route 100 can enable effective cash management, protection from tech- Somers, NY 10589 U.S.A. nology obsolescence, improved total cost of ownership and Produced in the United States of America return on investment. Also, our Global Asset Recovery November 2010 Services help address environmental concerns with new, All Rights Reserved more energy-efficient solutions. For more information on IBM, the IBM logo, ibm.com and LotusLive are trademarks or IBM Global Financing, visit: ibm.com/financing registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Other company, product or service names may be trademarks or service marks of others. Please Recycle SEW03022-USEN-01