© 2014 IBM Corporation
IBM Security Systems

Security Building Blocks of the Cloud Computing Reference Architecture

Stefaan Van daele
Senior Security Architect – IBM Europe
stefaan_vandaele at be.ibm.com
stefaanvda
http://www.linkedin.com/in/stefaanvdaele
Security Requirements in Cloud Solutions
Different cloud deployment models also change the way we think about security

Private cloud: on- or off-premises cloud infrastructure operated solely for an organization and managed by the organization or a third party.
– Customer responsibility for infrastructure
– More customization of security controls
– Good visibility into day-to-day operations
– Easy access to logs and policies
– Applications and data remain “inside the firewall”

Public cloud: available to the general public or a large industry group and owned by an organization selling cloud services.
– Provider responsibility for infrastructure
– Less customization of security controls
– No visibility into day-to-day operations
– Difficult to access logs and policies
– Applications and data are publicly exposed

Hybrid IT: traditional IT and clouds (public and/or private) that remain separate but are bound together by technology that enables data and application portability.

Moving from private to public cloud: changes in security and privacy.
Minimizing the risks of cloud computing requires a strategic approach

• Define a cloud strategy with security in mind
  – Identify the different workloads and how they need to interact.
  – Which models are appropriate based on their security and trust requirements and the systems they need to interface to?
• Identify the security measures needed
  – Using a methodology such as the IBM Security Framework allows teams to measure what is needed in areas such as governance, architecture, applications and assurance.
• Enabling security for the cloud
  – Define the upfront set of assurance measures that must be taken.
  – Assess that the applications, infrastructure and other elements meet the security requirements, as well as operational security measures.
Our approach to delivering security aligns with each phase of an organization’s cloud project or initiative

Design: establish a cloud strategy and implementation plan to get there.
Deploy: build cloud services, in the enterprise and/or as a cloud services provider.
Consume: manage and optimize consumption of cloud services.

Example security capabilities:
• Cloud security roadmap
• Secure development
• Network threat protection
• Server security
• Database security
• Application security
• Virtualization security
• Endpoint protection
• Configuration and patch management
• Identity and access management
• Secure cloud communications
• Managed security services

IBM Cloud Security Approach:
• Secure by Design – focus on building security into the fabric of the cloud.
• Workload Driven – secure cloud resources with innovative features and products.
• Service Enabled – govern the cloud through ongoing security operations and workflow.
Adoption patterns are emerging for successfully beginning and progressing cloud initiatives

IBM Cloud Security – One Size Does Not Fit All. Different security controls are appropriate for different cloud needs; the challenge becomes one of integration, coexistence, and recognizing what solution is best for a given workload.
Each pattern has its own set of key security concerns

Cloud Enabled Data Center – Infrastructure as a Service (IaaS): cut IT expense and complexity through cloud data centers. Integrated service management, automation, provisioning, self service.
Key security focus: Infrastructure and Identity
• Manage datacenter identities
• Secure virtual machines
• Patch default images
• Monitor logs on all resources
• Network isolation

Cloud Platform Services – Platform-as-a-Service (PaaS): accelerate time to market with cloud platform services. Pre-built, pre-integrated IT infrastructures tuned to application-specific needs.
Key security focus: Applications and Data
• Secure shared databases
• Encrypt private information
• Build secure applications
• Keep an audit trail
• Integrate existing security

Cloud Service Provider: innovate business models by becoming a cloud service provider. Advanced platform for creating, managing, and monetizing cloud services.
Key security focus: Data and Compliance
• Isolate cloud tenants
• Policy and regulations
• Manage security operations
• Build compliant data centers
• Offer backup and resiliency

Business Solutions on Cloud – Software as a Service (SaaS): gain immediate access with business solutions on cloud. Capabilities provided to consumers for using a provider’s applications.
Key security focus: Compliance and Governance
• Harden exposed applications
• Securely federate identity
• Deploy access controls
• Encrypt communications
• Manage application policies

Across all patterns: Security Intelligence – threat intelligence, user activity monitoring, real time insights
Cloud Computing Reference Architecture (CCRA)
Evolution of the Cloud Computing Reference Architecture (CCRA 3.0)

Defined overall architectural foundation:
• March 2009 – Initiated CCAB SC CCMP Reference Architecture
• March 2010 – Published CC & CCMP Reference Architecture 1.0
• October 2010 – Used in Cloud Launch and various customer/analyst sessions
• February 2011 – Submitted CCRA to The Open Group
• March 2011 – Release CCRA 2.0
• April 2011 – Public Cloud RA whitepaper available on ibm.com

Added product- and integration-focused solution architectures:
• July 2011 – Released “CCRA 2.0 for Business Partners”
• Early 2012 – Release CCRA 2.5; reach milestone of ~1500 IBMers formally educated on the CCRA
• November 2012 – Release CCRA 3.0; Adoption Patterns: prescriptive guidance on IaaS/PaaS/CSP/SaaS
• 2012/13 – CCRA standardization ongoing
The IBM Cloud Computing Reference Architecture (CCRA)

• Represents the aggregate experience from hundreds of cloud client engagements and IBM-hosted cloud implementations
  – Based on knowledge of IBM’s services, software & system experiences, including IBM Research
• Provides prescriptive guidance on how to build IaaS, PaaS, SaaS and service provider clouds using IBM technologies
• Reflected in the design of
  – Clouds IBM implements for clients
  – IBM-hosted cloud services
  – IBM cloud appliances
  – IBM cloud products

Public Cloud RA whitepaper available on ibm.com:
http://public.dhe.ibm.com/common/ssi/ecm/en/ciw03078usen/CIW03078USEN.PDF
CCRA OpenGroup submission:
http://www.opengroup.org/cloudcomputing/uploads/40/23840/CCRA.IBMSubmission.02282011.doc

CCRA 3.0 overview (diagram):
• Roles: Cloud Service Consumer (Cloud Service Integration Tools; Consumer In-house IT), Cloud Service Provider, Cloud Service Creator (Service Creation Tools)
• Cloud Service Provider: Common Cloud Management Platform (CCMP) with Operational Support Services (OSS) and Business Support Services (BSS); Cloud Services: Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, Business-Process-as-a-Service; Infrastructure; Existing & 3rd party services, Partner Ecosystems
• Cross-cutting: Governance; Security, Resiliency, Performance & Consumability
• Common Reference Architecture Foundation with adoption patterns: Cloud-enabled data center / building IaaS; Platform Services; Cloud Service Provider; Building SaaS
CCRA Detailed Overview
CCRA Security Component Model

Security Components, spanning People, Data, Applications and Infrastructure*:
• Security Intelligence, Analytics and GRC: Security Governance, Risk Management & Compliance; Security Information & Event Management; Security Intelligence
• Identity & Access Management
• Data & Information Security
• Physical & Personnel Security
• Threat & Intrusion Prevention
• Security Policy Management
• Encryption & Key Management
• Secure Application Development
• Endpoint Management

*Infrastructure includes server, network, storage

Additional information can be found here:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf3cce8ff09b3_49d2_8ee7_4e49c1ef5d22/page/IBM%20Cloud%20Computing%20Reference%20Architecture%203.0
Using the IBM Security Framework, we articulate the way we address security in the Cloud in terms of Foundational Controls

IBM Cloud Security Reference Model (applied across Design, Deploy and Consume):
• Cloud Governance – cloud-specific security governance including directory synchronization and geo-locational support
• Security Governance, Risk Management & Compliance – security governance including maintaining security policy and audit and compliance measures
• Problem & Information Security Incident Management – management of and response to expected and unexpected events
• Identity and Access Management – strong focus on authentication of users and management of identity
• Discover, Categorize, Protect Data & Information Assets – strong focus on protection of data at rest or in transit
• Information Systems Acquisition, Development, and Maintenance – management of application and virtual machine deployment
• Secure Infrastructure Against Threats and Vulnerabilities – management of vulnerabilities and their associated mitigations with strong focus on network and endpoint protection
• Physical and Personnel Security – protection for physical assets and locations including networks and data centers, as well as employee security
Solution Approach – Summary

Understand Client (Business Driver): get a thorough understanding of their existing IT environment and identify the client’s Cloud Adoption Pattern.

Define Client Requirements (Actors and use cases; Non-functional requirements; System context): identify actors, workloads and associated use cases and identify security requirements for each scenario.

Design Solution (Architecture decisions; Architecture overview): define the Architecture Overview; identify the building blocks and controls needed leveraging the IBM Security Framework and Cloud Foundational Controls.

Detail Design (Component model; Operational model; Solution integration details):
• Use the CCRA Security Component Model to identify required components and their interactions for the solution
• Realize the component by mapping to the capabilities in our products / services portfolio
• Leverage assets to build the deployment architecture and integration requirements

Define Roadmap & 1st Project (Cloud roadmap; Project description; Viability Assessment): define the project plan with overall timeline, phases and key milestones, and overall delivery.
Cloud Enabled Data Center – simple use case

Provisioning flow through the Cloud Enabled Data Center (Self-Service GUI → Cloud Platform → Resource Pool → Image Library → Hypervisor → SW Catalog):
1. User identity is verified and authenticated (Self-Service GUI, Cloud Platform)
2. Resource chosen from correct security domain (Available Resource in the Resource Pool)
3. VM is configured with appropriate security policy (Machine Image from the Image Library)
4. Virtual Machine Image provisioned behind FW / IPS (Configured Machine Image running as a Virtual Machine on the Hypervisor)
5. Host security installed and updated
6. Software patches applied and up-to-date (Config and Binaries from the SW Catalog)

Security components involved: Identity & Access Management; Security Information & Event Management; Endpoint Management; Threat & Intrusion Prevention.
One component in detail: Security Information and Event Management
Security Component Model – Cloud Enabled Data Center

Security Components, spanning People, Data, Applications and Infrastructure*:
• Security Intelligence, Analytics and GRC: Security Governance, Risk Management & Compliance; Security Information & Event Management; Security Intelligence
• Identity & Access Management
• Data & Information Security
• Physical & Personnel Security
• Threat & Intrusion Prevention
• Security Policy Management
• Encryption & Key Management
• Secure Application Development
• Endpoint Management

*Infrastructure includes server, network, storage
Generic security service catalog for Security Operations

Risk and Compliance
• Compliance Management: Compliance Reporting; Compliance Controlling
• Risk Management: Risk Reporting; Risk Identification
• Supervisory Services: Fraud Detection
• Evidence Management: Records Management; Digital Forensics

Analytics Services
• Security & Compliance Dashboard

Threat and Vulnerability Management
• Vulnerability Management: Vulnerability Discovery; Vulnerability Analysis; Vulnerability Remediation
• Security Information and Event Management: Security Log Collection & Normalization; Security Event Correlation & Normalization; Security Monitoring and Alerting; Security Problem and Incident Response
• Security Intelligence: Security Threat and Vulnerability Research
• Threat Management: Threat Identification; Threat Analysis; Threat Mitigation

IT Service Management
• IT Service Management: Incident and Problem Management
• Asset Management: Asset Administration
Practical example: SIEM across hybrid cloud deployments

• Workloads deployed in private virtual environments (OpenStack): a “Filter” in the Core API Layer audits all OpenStack API calls and produces OpenStack Audit (CADF) events; Ceilometer provides usage / performance monitoring + auditing, persisted in “Datastores”.
• Public Cloud Services: AWS CloudTrail.
• The SIEM consumes both feeds: CADF audit records from the private cloud and CloudTrail records from the public cloud.
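The slide names the two audit feeds, OpenStack audit events in the CADF format and AWS CloudTrail, but not what the SIEM has to do before it can reason about them together. The Python below is an added example, not part of the deck or of any IBM product: it normalizes one constructed record of each format into a common schema (the "Security Log Collection & Normalization" service from the catalog above) and runs a single correlation rule over the merged stream, repeated failed actions by one actor regardless of which cloud produced the record. The field names follow the public CADF and CloudTrail formats; every value is constructed, and the rule assumes the two clouds share a user namespace, which is the federated identity the SaaS pattern calls for.

```python
"""Normalize OpenStack CADF audit events and AWS CloudTrail records into one
schema and correlate failures across both clouds (added example; sample
records are constructed, field names follow the public formats)."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed CADF event, shaped like what the OpenStack audit middleware emits.
CADF_EVENT = {
    "typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
    "eventType": "activity",
    "id": "openstack:11111111-2222-3333-4444-555555555555",
    "eventTime": "2014-03-10T09:15:00.000000+0000",
    "action": "delete",
    "outcome": "failure",            # CADF: success | failure | pending | unknown
    "initiator": {"id": "user-abc", "name": "alice",
                  "host": {"address": "10.0.0.7"}},
    "target": {"id": "compute/servers/vm-42", "typeURI": "service/compute/servers"},
    "observer": {"id": "target", "typeURI": "service/compute"},
}

# Constructed CloudTrail record for the public-cloud side.
CLOUDTRAIL_RECORD = {
    "eventVersion": "1.02",
    "eventID": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "eventTime": "2014-03-10T09:16:30Z",
    "eventSource": "ec2.amazonaws.com",
    "eventName": "TerminateInstances",
    "awsRegion": "eu-west-1",
    "sourceIPAddress": "203.0.113.5",
    "userIdentity": {"type": "IAMUser", "userName": "alice",
                     "arn": "arn:aws:iam::123456789012:user/alice"},
    "errorCode": "Client.UnauthorizedOperation",   # present only on failed calls
}


def _parse_cadf_time(value):
    # CADF timestamps carry microseconds and a numeric UTC offset.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def _parse_cloudtrail_time(value):
    # CloudTrail uses ISO 8601 in UTC with a literal "Z" suffix.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize_cadf(event):
    """Map a CADF activity event onto the common SIEM record."""
    initiator = event.get("initiator", {})
    return {
        "source": "openstack-cadf",
        "time": _parse_cadf_time(event["eventTime"]),
        "actor": initiator.get("name") or initiator.get("id", "unknown"),
        "actor_ip": initiator.get("host", {}).get("address"),
        "action": event["action"],
        "target": event.get("target", {}).get("id", "unknown"),
        "outcome": event.get("outcome", "unknown"),
        "event_id": event["id"],
    }


def normalize_cloudtrail(record):
    """Map a CloudTrail record onto the same common record; CloudTrail has no
    outcome field, so failure is derived from the presence of errorCode."""
    identity = record.get("userIdentity", {})
    return {
        "source": "aws-cloudtrail",
        "time": _parse_cloudtrail_time(record["eventTime"]),
        "actor": identity.get("userName") or identity.get("arn", "unknown"),
        "actor_ip": record.get("sourceIPAddress"),
        "action": record["eventName"],
        "target": record["eventSource"],
        "outcome": "failure" if "errorCode" in record else "success",
        "event_id": record.get("eventID", "n/a"),
    }


def failed_actions_by_actor(events, window=timedelta(minutes=5), threshold=2):
    """Correlation rule: an actor with `threshold` or more failed actions inside
    `window`, counted across every source. Returns {actor: [records]}."""
    failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["outcome"] == "failure":
            failures[ev["actor"]].append(ev)
    alerts = {}
    for actor, evs in failures.items():
        for i, first in enumerate(evs):           # slide the window forward
            in_window = [e for e in evs[i:] if e["time"] - first["time"] <= window]
            if len(in_window) >= threshold:
                alerts[actor] = in_window
                break
    return alerts


def run_demo():
    events = [normalize_cadf(CADF_EVENT), normalize_cloudtrail(CLOUDTRAIL_RECORD)]
    return failed_actions_by_actor(events)


if __name__ == "__main__":
    for actor, evs in run_demo().items():
        print(f"ALERT {actor}: {len(evs)} failed actions across",
              sorted({e['source'] for e in evs}))
```

The two records alone trip the rule because the same identity fails a destructive action in the private cloud and then in the public cloud 90 seconds later; either record on its own would stay under the threshold, which is the point of collecting both feeds into one SIEM.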
www.ibm.com/security
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response
to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated
or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure
and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to
be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems,
products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

Künftige Datacenter Trends_Hans-Dieter Wehle_IBM Symposium 2013
 
Bienvenida
BienvenidaBienvenida
Bienvenida
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud Security
 
Emerging Technology in the Cloud! Real Life Examples. Pol Mac Aonghusa
Emerging Technology in the Cloud! Real Life Examples.  Pol Mac AonghusaEmerging Technology in the Cloud! Real Life Examples.  Pol Mac Aonghusa
Emerging Technology in the Cloud! Real Life Examples. Pol Mac Aonghusa
 
IBM Softlayer Bluemix Marketplace
IBM Softlayer Bluemix MarketplaceIBM Softlayer Bluemix Marketplace
IBM Softlayer Bluemix Marketplace
 
Cloud Computing Strategy and Architecture
Cloud Computing Strategy and ArchitectureCloud Computing Strategy and Architecture
Cloud Computing Strategy and Architecture
 
Chmura nieuchronnym elementem Twojego IT w (nie)dalekiej przyszłości. Śmierte...
Chmura nieuchronnym elementem Twojego IT w (nie)dalekiej przyszłości. Śmierte...Chmura nieuchronnym elementem Twojego IT w (nie)dalekiej przyszłości. Śmierte...
Chmura nieuchronnym elementem Twojego IT w (nie)dalekiej przyszłości. Śmierte...
 
Salesforce.com – A Cloud Provider
Salesforce.com – A Cloud ProviderSalesforce.com – A Cloud Provider
Salesforce.com – A Cloud Provider
 
Cloud Ecosystems A Perspective
Cloud Ecosystems A PerspectiveCloud Ecosystems A Perspective
Cloud Ecosystems A Perspective
 
Cloud as an Enabler for Business Innovation
Cloud as an Enabler for Business InnovationCloud as an Enabler for Business Innovation
Cloud as an Enabler for Business Innovation
 
BT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob RowlingsonBT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob Rowlingson
 
Presentation cloud security the grand challenge
Presentation   cloud security the grand challengePresentation   cloud security the grand challenge
Presentation cloud security the grand challenge
 
Security Features of different Cloud Service Models: A Review
Security Features of different Cloud Service Models: A ReviewSecurity Features of different Cloud Service Models: A Review
Security Features of different Cloud Service Models: A Review
 
Speed up the cloud adoption with SoftLayer Cloud Services - dominopoint
Speed up the cloud adoption with SoftLayer Cloud Services - dominopointSpeed up the cloud adoption with SoftLayer Cloud Services - dominopoint
Speed up the cloud adoption with SoftLayer Cloud Services - dominopoint
 
Cloud computing – an emerging paradigm
Cloud computing – an emerging paradigmCloud computing – an emerging paradigm
Cloud computing – an emerging paradigm
 
(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises
 
Cisco Powered Overview
Cisco Powered OverviewCisco Powered Overview
Cisco Powered Overview
 
The why of a cloud ppt
The why of a cloud pptThe why of a cloud ppt
The why of a cloud ppt
 

Último

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Último (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

Security Building Blocks of the IBM Cloud Computing Reference Architecture

• 1. Security Building Blocks of the Cloud Computing Reference Architecture
  © 2014 IBM Corporation, IBM Security Systems
  Stefaan Van daele, Senior Security Architect – IBM Europe
  stefaan_vandaele at be.ibm.com, stefaanvda, http://www.linkedin.com/in/stefaanvdaele

• 2. Security Requirements in Cloud Solutions

• 3. Different cloud deployment models also change the way we think about security
  Private cloud: on or off premises cloud infrastructure operated solely for an organization and managed by the organization or a third party.
  – Customer responsibility for infrastructure
  – More customization of security controls
  – Good visibility into day-to-day operations
  – Easy access to logs and policies
  – Applications and data remain “inside the firewall”
  Public cloud: available to the general public or a large industry group and owned by an organization selling cloud services.
  – Provider responsibility for infrastructure
  – Less customization of security controls
  – No visibility into day-to-day operations
  – Difficult access to logs and policies
  – Applications and data are publicly exposed
  Hybrid IT: traditional IT and clouds (public and/or private) that remain separate but are bound together by technology that enables data and application portability.
  (Chart axis: Changes in Security and Privacy)

• 4. Minimizing the risks of cloud computing requires a strategic approach
  – Define a cloud strategy with security in mind
    – Identify the different workloads and how they need to interact.
    – Which models are appropriate based on their security and trust requirements and the systems they need to interface to?
  – Identify the security measures needed
    – Using a methodology such as the IBM Security Framework allows teams to measure what is needed in areas such as governance, architecture, applications and assurance.
  – Enabling security for the cloud
    – Define the upfront set of assurance measures that must be taken.
    – Assess that the applications, infrastructure and other elements meet the security requirements, as well as operational security measures.

• 5. Our approach to delivering security aligns with each phase of an organization’s cloud project or initiative (IBM Cloud Security Approach)
  – Design: establish a cloud strategy and implementation plan to get there.
  – Deploy: build cloud services, in the enterprise and/or as a cloud services provider.
  – Consume: manage and optimize consumption of cloud services.
  Example security capabilities: cloud security roadmap, secure development, network threat protection, server security, database security, application security, virtualization security, endpoint protection, configuration and patch management, identity and access management, secure cloud communications, managed security services.
  – Secure by Design: focus on building security into the fabric of the cloud.
  – Workload Driven: secure cloud resources with innovative features and products.
  – Service Enabled: govern the cloud through ongoing security operations and workflow.

• 6. Adoption patterns are emerging for successfully beginning and progressing cloud initiatives
  IBM Cloud Security – One Size Does Not Fit All. Different security controls are appropriate for different cloud needs; the challenge becomes one of integration, coexistence, and recognizing what solution is best for a given workload.

• 7. Each pattern has its own set of key security concerns
  – Cloud Enabled Data Center – Infrastructure as a Service (IaaS): cut IT expense and complexity through cloud data centers. Integrated service management, automation, provisioning, self service. Key security focus: Infrastructure and Identity – manage datacenter identities; secure virtual machines; patch default images; monitor logs on all resources; network isolation.
  – Cloud Platform Services – Platform-as-a-Service (PaaS): accelerate time to market with cloud platform services. Pre-built, pre-integrated IT infrastructures tuned to application-specific needs. Key security focus: Applications and Data – secure shared databases; encrypt private information; build secure applications; keep an audit trail; integrate existing security.
  – Cloud Service Provider: innovate business models by becoming a cloud service provider. Advanced platform for creating, managing, and monetizing cloud services. Key security focus: Data and Compliance – isolate cloud tenants; policy and regulations; manage security operations; build compliant data centers; offer backup and resiliency.
  – Business Solutions on Cloud – Software as a Service (SaaS): gain immediate access with business solutions on cloud. Capabilities provided to consumers for using a provider’s applications. Key security focus: Compliance and Governance – harden exposed applications; securely federate identity; deploy access controls; encrypt communications; manage application policies.
  Security Intelligence – threat intelligence, user activity monitoring, real time insights.

• 8. Cloud Computing Reference Architecture (CCRA)

• 9. Evolution of the Cloud Computing Reference Architecture (CCRA 3.0)
  – March 2009: Initiated CCAB SC CCMP Reference Architecture
  – March 2010: Published CC & CCMP Reference Architecture 1.0
  – October 2010: Used in Cloud Launch and various customer/analyst sessions
  – February 2011: Submitted CCRA to The Open Group
  – March 2011: Release CCRA 2.0
  – April 2011: Public Cloud RA whitepaper available on ibm.com
  – July 2011: Released “CCRA 2.0 for Business Partners”
  – Early 2012: Release CCRA 2.5; reach milestone of ~1500 IBMers formally educated on the CCRA
  – November 2012: Release CCRA 3.0; Adoption Patterns – prescriptive guidance on IaaS/PaaS/CSP/SaaS
  – 2012/13: CCRA standardization ongoing
  Overall: defined overall architectural foundation; added product- and integration-focused solution architectures.

• 10. The IBM Cloud Computing Reference Architecture (CCRA)
  – Represents the aggregate experience from hundreds of cloud client engagements and IBM-hosted cloud implementations
    – Based on knowledge of IBM’s services, software & system experiences, including IBM Research
  – Provides prescriptive guidance on how to build IaaS, PaaS, SaaS and service provider clouds using IBM technologies
  – Reflected in the design of
    – Clouds IBM implements for clients
    – IBM-hosted cloud services
    – IBM cloud appliances
    – IBM cloud products
  Public Cloud RA whitepaper available on ibm.com: http://public.dhe.ibm.com/common/ssi/ecm/en/ciw03078usen/CIW03078USEN.PDF
  CCRA OpenGroup submission: http://www.opengroup.org/cloudcomputing/uploads/40/23840/CCRA.IBMSubmission.02282011.doc
  Architecture diagram: Cloud Service Consumer (Cloud Service Integration Tools; Consumer In-house IT); Cloud Service Provider (Common Cloud Management Platform (CCMP) with Operational Support Services (OSS) and Business Support Services (BSS); Cloud Services: Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, Business-Process-as-a-Service; Infrastructure); Cloud Service Creator (Service Creation Tools); Existing & 3rd party services, Partner Ecosystems; cross-cutting: Governance; Security, Resiliency, Performance & Consumability.
  CCRA 3.0: Common Reference Architecture Foundation; cloud-enabled data center / building IaaS; Platform Services; Cloud Service Provider; Building SaaS.

• 11. CCRA Detailed Overview

• 12. CCRA Security Component Model
  Security Components (Security Intelligence, Analytics and GRC across People, Data, Applications, Infrastructure*):
  – Security Governance, Risk Management & Compliance
  – Security Information & Event Management
  – Identity & Access Management
  – Data & Information Security
  – Security Intelligence
  – Physical & Personnel Security
  – Threat & Intrusion Prevention
  – Security Policy Management
  – Encryption & Key Management
  – Secure Application Development
  – Endpoint Management
  *Infrastructure includes server, network, storage.
  Additional information can be found here: https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf3cce8ff09b3_49d2_8ee7_4e49c1ef5d22/page/IBM%20Cloud%20Computing%20Reference%20Architecture%203.0

• 13. Using the IBM Security Framework, we articulate the way we address security in the Cloud in terms of Foundational Controls (IBM Cloud Security Reference Model)
  – Cloud Governance: cloud specific security governance including directory synchronization and geo locational support
  – Security Governance, Risk Management & Compliance: security governance including maintaining security policy and audit and compliance measures
  – Problem & Information Security Incident Management: management of and response to expected and unexpected events
  – Identity and Access Management: strong focus on authentication of users and management of identity
  – Discover, Categorize, Protect Data & Information Assets: strong focus on protection of data at rest or in transit
  – Information Systems Acquisition, Development, and Maintenance: management of application and virtual machine deployment
  – Secure Infrastructure Against Threats and Vulnerabilities: management of vulnerabilities and their associated mitigations with strong focus on network and endpoint protection
  – Physical and Personnel Security: protection for physical assets and locations including networks and data centers, as well as employee security
  (Phases: Design, Deploy, Consume)

• 14. Solution Approach – Summary
  Phases: Understand Client; Define Client Requirements; Design Solution; Detail Design; Define Roadmap & 1st Project.
  Work products: business driver, viability assessment, actors and use cases, non-functional requirements, system context, architecture decisions, architecture overview, component model, operational model, solution integration details, cloud roadmap, project description.
  Activities:
  – Get a thorough understanding of their existing IT environment and identify the client’s Cloud Adoption Pattern
  – Identify actors, workloads and associated use cases and identify security requirements for each scenario
  – Define the Architecture Overview
  – Identify the building blocks and controls needed, leveraging the IBM Security Framework and Cloud Foundational Controls
  – Use the CCRA Security Component Model to identify required components and their interactions for the solution
  – Realize the component by mapping to the capabilities in our products / services portfolio
  – Leverage assets to build the deployment architecture and integration requirements
  – Define the project plan with overall timeline, phases and key milestones, and overall delivery

• 15. Cloud Enabled Data Center – simple use case
  Flow through the Cloud Enabled Data Center (Self-Service GUI, Cloud Platform, Resource Pool, Image Library, Hypervisor, SW Catalog):
  1. User identity is verified and authenticated (Self-Service GUI)
  2. Resource chosen from correct security domain (Available Resource, Resource Pool)
  3. VM is configured with appropriate security policy (Machine Image, Image Library)
  4. Virtual Machine Image provisioned behind FW / IPS (Configured Machine Image, Hypervisor)
  5. Host security installed and updated (Virtual Machine)
  6. Software patches applied and up-to-date (SW Catalog: Config, Binaries)
  Security components involved: Identity & Access Management; Security Information & Event Management; Endpoint Management; Threat & Intrusion Prevention.

• 16. One component in detail: Security Information and Event Management

• 17. Security Component Model – Cloud Enabled Data Center
  Security Components (Security Intelligence, Analytics and GRC across People, Data, Applications, Infrastructure*): Security Governance, Risk Management & Compliance; Security Information & Event Management; Identity & Access Management; Data & Information Security; Security Intelligence; Physical & Personnel Security; Threat & Intrusion Prevention; Security Policy Management; Encryption & Key Management; Secure Application Development; Endpoint Management.
  *Infrastructure includes server, network, storage.

• 18. Generic security service catalog for Security Operations
  – Risk and Compliance
    – Compliance Management: Compliance Reporting, Compliance Controlling, Records Management
    – Risk Management: Risk Reporting, Risk Identification
    – Supervisory Services: Fraud Detection, Digital Forensics
    – Evidence Management
    – Analytics Services: Security & Compliance Dashboard
  – Threat and Vulnerability Management
    – Vulnerability Management: Vulnerability Discovery, Vulnerability Analysis, Vulnerability Remediation
    – Security Information and Event Management: Security Log Collection & Normalization, Security Event Correlation & Normalization, Security Monitoring and Alerting, Security Problem and Incident Response
    – Threat Management: Threat Identification, Threat Analysis, Security Threat and Vulnerability Research, Threat Mitigation, Security Intelligence
  – IT Service Management
    – Incident and Problem Management
    – Asset Management: Asset Administration

• 19. Practical example: SIEM across hybrid cloud deployments
  – Workloads deployed in private virtual environments (OpenStack): a “filter” in the Core API Layer audits all OpenStack API calls and emits OpenStack Audit (CADF) events; Ceilometer provides usage / performance monitoring plus auditing into “datastores”.
  – Public cloud services: AWS CloudTrail.
  Both the CADF feed and the CloudTrail feed are brought into the SIEM.

• 20. www.ibm.com/security
  © Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
  Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
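Slides 18 and 19 name the two SIEM services that make the hybrid picture work: log collection and normalization, then event correlation over a feed built from OpenStack CADF audit events and AWS CloudTrail. The following Python is an added example, not code from the deck, from OpenStack or from AWS: it normalizes one constructed event of each kind into a common record and runs a simple cross-cloud correlation rule over them. Field names follow the public CADF and CloudTrail record layouts; all values, the helper names and the 300-second window are assumptions.

```python
"""Normalize OpenStack CADF audit events and AWS CloudTrail records into one
SIEM-style schema so both halves of a hybrid deployment can be correlated.

Added example; not code from the IBM deck or from OpenStack/AWS tooling.
The two sample events are constructed: field names follow the public CADF
and CloudTrail formats, every value is invented.
"""
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: CADF event (pycadf-style layout) for a failed server
# creation in the private OpenStack environment.
CADF_EVENT = json.dumps({
    "typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
    "eventType": "activity",
    "id": "cadf-0001",
    "eventTime": "2014-05-12T10:15:30.000000+0000",
    "action": "create/server",
    "outcome": "failure",
    "initiator": {"typeURI": "service/security/account/user",
                  "id": "u-42", "name": "alice",
                  "host": {"address": "10.0.0.5"}},
    "target": {"typeURI": "service/compute/servers", "id": "s-9", "name": "web-01"},
    "observer": {"typeURI": "service/security", "id": "target"},
    "reason": {"reasonCode": "403", "reasonType": "HTTP"},
})

# Constructed sample: CloudTrail record for the same user failing to launch
# an instance in the public cloud (account id is a documentation placeholder).
CLOUDTRAIL_RECORD = json.dumps({
    "eventVersion": "1.02",
    "userIdentity": {"type": "IAMUser", "userName": "alice",
                     "arn": "arn:aws:iam::123456789012:user/alice"},
    "eventTime": "2014-05-12T10:16:02Z",
    "eventSource": "ec2.amazonaws.com",
    "eventName": "RunInstances",
    "awsRegion": "eu-west-1",
    "sourceIPAddress": "203.0.113.7",
    "errorCode": "Client.UnauthorizedOperation",
    "eventID": "ct-0001",
})


def normalize_cadf(raw):
    """Map a CADF event onto the common record. CADF states the result
    explicitly in 'outcome'; eventTime carries a numeric UTC offset."""
    ev = json.loads(raw)
    ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%S.%f%z")
    return {
        "source": "openstack-cadf",
        "event_id": ev["id"],
        "time": ts.astimezone(timezone.utc),
        "actor": ev["initiator"].get("name") or ev["initiator"]["id"],
        "src_ip": ev["initiator"].get("host", {}).get("address"),
        "action": ev["action"],
        "target": ev["target"].get("name") or ev["target"]["id"],
        "outcome": ev["outcome"],
    }


def normalize_cloudtrail(raw):
    """Map a CloudTrail record onto the common record. CloudTrail has no
    outcome field: the call failed exactly when 'errorCode' is present."""
    rec = json.loads(raw)
    ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    ident = rec["userIdentity"]
    return {
        "source": "aws-cloudtrail",
        "event_id": rec["eventID"],
        "time": ts.replace(tzinfo=timezone.utc),
        "actor": ident.get("userName") or ident.get("arn"),
        "src_ip": rec.get("sourceIPAddress"),
        "action": rec["eventSource"] + ":" + rec["eventName"],
        "target": rec.get("awsRegion"),
        "outcome": "failure" if "errorCode" in rec else "success",
    }


def correlate_failures(records, window_seconds=300):
    """Correlation rule (assumed, not from the deck): report actors whose
    failed actions span more than one cloud within the window. Returns
    {actor: sorted list of sources}."""
    by_actor = defaultdict(list)
    for r in records:
        if r["outcome"] == "failure":
            by_actor[r["actor"]].append(r)
    hits = {}
    for actor, evs in by_actor.items():
        evs.sort(key=lambda r: r["time"])
        span = (evs[-1]["time"] - evs[0]["time"]).total_seconds()
        sources = {r["source"] for r in evs}
        if len(sources) > 1 and span <= window_seconds:
            hits[actor] = sorted(sources)
    return hits


def demo():
    """Normalize both constructed feeds and run the rule over them."""
    records = [normalize_cadf(CADF_EVENT), normalize_cloudtrail(CLOUDTRAIL_RECORD)]
    return correlate_failures(records)


if __name__ == "__main__":
    print(demo())
```

The point of the common record is that the correlation rule never sees provider-specific fields: a new feed (Ceilometer notifications, another cloud's audit log) only needs its own normalizer, and every rule written against the schema keeps working. The CloudTrail branch also shows the caveat a practitioner hits in practice: success and failure are encoded differently per source (an explicit `outcome` versus the presence of `errorCode`), so that decision belongs in the normalizer, not in the rules.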