SlideShare uma empresa Scribd logo

Lucw lsec-securit-20110907-4-final-5

Luc Wijns
Luc Wijns

This document discusses data security in the cloud and Oracle's approach. It provides definitions of cloud computing and discusses concerns around security, compliance, and transparency. It outlines Oracle's cloud strategy of supporting both public and private clouds. Oracle's solutions provide defense-in-depth security across infrastructure, databases, middleware, and applications. Encryption is used at multiple layers from infrastructure to applications to protect data at rest and in transit. Governance and transparency are important for building trust in cloud computing.

TecnologiaNegócios
1 de 39
Baixar para ler offline
<Insert Picture Here>
<Insert Picture Here> Data Security in the Cloud Luc Wijns Chief Technologist Systems Benelux
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. © 2011 Oracle Corporation 3
NIST Definition of Cloud Computing Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of: 5 Essential Characteristics • On-demand self-service • Resource pooling • Rapid elasticity • Measured service • Broad network access ©Source: NIST Corporation Cloud Computing v15 2011 Oracle Definition of 3 Service Models • SaaS • PaaS • IaaS 4 Deployment Models • Public Cloud • Private Cloud • Community Cloud • Hybrid Cloud 4
Fear, Uncertainty & Doubt: FUD • …”Cloud Computing is not Secure”… ? • Can Cloud Computing be as Secure as on-premises Data Centers ? • Can Cloud Computing be Compliant ? • What About: “Cloud Computing cannot meet the Common Needs Because Customers won’t let their Data leave their Country.” ? • “We must move all to the Clouds or we won’t be competitive anymore…”?!? • …..etc …. © 2011 Oracle Corporation 5
In the Cloud Threats do not Change Security guru Bruce Schneier says that whatever cloud computing is, the security issues and conversations around it are nothing new. The key, he says, always comes down to trust and transparency. By Dahna McConnachie Technology & Business March 31, 2009 http://www.schneier.com/news-083.html © 2011 Oracle Corporation 6
Security Concerns Don’t Change Identification Authentication Authorization Accountability Confidentiality Integrity Privacy Non-repudiation Availability © 2011 Oracle Corporation 7 7
Which is “Best” for which Context ? © 2011 Oracle Corporation 8
Service Models and Transparency Cloud Infrastructure Cloud Infrastructure Cloud Infrastructure IaaS PaaS PaaS SaaS SaaS SaaS Cloud Infrastructure Cloud Infrastructure IaaS PaaS Cloud Infrastructure IaaS © 2011 Oracle Corporation PaaS Software as a Service (SaaS) Architectures Platform as a Service (PaaS) Architectures Infrastructure as a Service (IaaS) Architectures 9
Road To Security Maturity Infrastructure Maturity Governance Performance Management Level 5 Business Value Management Automation Level 4 IT Service Management Virtualization Level 3 IT Operation Management Level 2 IT Component Management End-to-end services provisioning Infrastructure on demand Infrastructure virtualization Industrialization Standardization Consolidation Level 1 Crisis Control Business Value © 2011 Oracle Corporation 10
Oracle Cloud Computing Strategy Our objectives: • Ensure that cloud computing is fully enterprise grade • Support both public and private cloud computing – give customers choice Oracle Applications Oracle On Demand Public Clouds SaaS SaaS PaaS PaaS IaaS IaaS Oracle Technology in public clouds © 2011 Oracle Corporation I N T E R N E T Private Cloud I N T R A N E T Apps SaaS PaaS PaaS IaaS IaaS Users Oracle Private PaaS 11
Oracle On Demand – Security (SaaS) • Compliance Rules are implemented Everywhere • Example: HIPAA Service Provider for Healthcare • Compliant with the Technical, Physical and Administrative Safeguards • HITECH Requires Business Associates (Services Providers) to be Compliant • ISO27000 Certificate 1/2 © 2011 Oracle Corporation 12
Compliance Requirements FERPA Student Records Federal Educational Rights & Privacy Act © 2011 Oracle Corporation Data privacy laws HR Most US states + foreign countries PCI-DSS Orders Payment Card Industry-Data Security Standards SOX Finance Sarbanes-Oxley HIPAA/ HITECH Patient Records Health Information Technology for Economic & Clinical Health Act 13
Oracle Private Cloud Solution Applications 3rd Party Apps Cloud Management Oracle Apps Oracle Enterprise Manager ISV Apps Application Performance Mgmt Platform as a Service Integration: SOA Suite Process Mgmt: BPM Suite Security: Identity Mgmt User Interaction: WebCenter Application Grid: WebLogic Server, Coherence, Tuxedo, JRockit Database Grid: Oracle Database, RAC, ASM, Partitioning, IMDB Cache, Active Data Guard, Database Security Lifecycle Management Configuration Management Application Quality Mgmt Infrastructure as a Service Oracle Solaris Operating Systems: Oracle Enterprise Linux Oracle Oracle VM for SPARC (LDom) Solaris Containers Ops Center Oracle VM for x86 Servers Physical & Virtual Systems Mgmt Storage © 2011 Oracle Corporation 14
Access Cloud Architecture – Logical View Interfaces Native Protocols Portals Custom UIs Self-Service APIs Facilities Proxy Perimeter Security Naming Balancing User Interaction / self service PaaS Data Queue Container IaaS Application Server Network Security / Policy Mgmt Model Mgmt Provisioning Customer info model Service catalog Mediation, Policy enforcement Storage Resources vDCs Logical Pools Physical Pools © 2011 Oracle Corporation Compute Compute Networks Networks Storage Storage Other Other Pool Managers Service Mgmt Monitoring Capacity mgmt. Metering & Billing Resource mgmt. Clouds Cloud Management Services SaaS Business Process Business Service External Legacy Partners 15
Identify Roles and Interactions Cloud Implies Changes in IT Roles Models Service App Owner User uses service Monitors & Approves Services Developer Creates Services DevOps Packages & Deploys Services Monitor/manages cloud Cloud Operator creates resources Cloud Builder © 2011 Oracle Corporation 16
Oracle Defense-in-Depth © 2011 Oracle Corporation 17
Oracle Security Inside Out Infrastructure Security • • • • Hardware Accelerated Encryption Secure Key Management and Storage Strong Workload Isolation Secure Service Delivery Platforms Database Security Infrastructure Databases Middleware Applications • • • • • • Encryption and Masking Privileged User Controls Multi-Factor Authorization Activity Monitoring and Audit Secure Configuration Monitor and Block Middleware Information • • • • • User and Role Management Access Management Virtual Directories Rights Management Identity Governance Applications • • • • © 2011 Oracle Corporation Comprehensive Compliance Mgmt. Centralized Policy Administration Access Management Track and Audit Content and Usage 18
Bringing Infrastructure Security Secure Infrastructure Matters ! © 2011 Oracle Corporation 19
Infrastructure Security Foundation © 2011 Oracle Corporation 20
Infrastructure and Cryptography © 2011 Oracle Corporation 21
Solaris Security   Secure Service Containers User and Process Rights Management   Cryptographic Framework  Comprehensive Auditing  Solaris Trusted Extensions  © 2011 Oracle Corporation Secure Network Access Common Criteria Evaluated (EAL4+) 22
Solaris Zones: Immutable Service Containers © 2011 Oracle Corporation 23
Infrastructure and Cryptography © 2011 Oracle Corporation 24
How to Destroy Data in a Hurry • Delete File: No • Over writing the data: No • Shoot the drive: No • Security Erase: No • De-Gaussing: No or at High Cost • Melting : No or at High Cost • Shreding : No or at High Cost © 2011 Oracle Corporation 25
ZFS Hybrid Storage Pool Encryption Solaris 11 Express brings Encryption to ZFS Hybrid Storage Pools • DRAM/ARC is not Encrypted – But you can protect swapped out pages (encrypted swap ZVOL) • L2ARC is always encrypted (ephemeral keys) • ZIL is always encrypted (on-disk or on-SSD) • On Disk data is always encrypted © 2011 Oracle Corporation DRAM/ ARC Write/ ZIL Flash Read/ L2ARC Flash Scalable Large Capacity SAS Disks 26
Full Disk Encryption (FDE)?  Almost 100% transparent to the User    You will probably to enter a password at boot time 0% performance impact if encrypt/decrypt in firmware Hardware is filesystem agnostic         © 2011 Oracle Corporation No Access to Ciphertext Is it really encrypted ? No known versions with data encryption key change Same keylen/algorithm/mode for complete disk A lot of data with same key Need HW change to change algorithm No Enterprise SSD doing Crypto Not aware of Raid Volumes 27
ZFS Filesystem & Dataset Encryption • More Flexibility in Software • Easiest for Key Management • Single multi-disk pool or per dataset wrapping keys • Keys are agnostic of Raid config • Wrapping and Data endryption change • Algorithm/kelen/mode change © Corporation – Proprietary and Confidential © 2010 Oracle 2011 Oracle Corporation • Integrate with SSDs (HSP) • Ciphertext is visible • Encrypt Snapshot and Clones • Compression, encryption, & deduplication work together • Integrating with the host & operating system crypto infrastructure (SW and HW) 28
Infrastructure and Cryptography © 2011 Oracle Corporation 29
Cryptographic Capabilities and Algorithms T3 Processor 30 © 2011 Oracle Corporation 30
Infrastructure and Cryptography © 2011 Oracle Corporation 31
Three Key Elements Needed for Data Encryption on Removable Media Crypto-Ready Tape Drive © 2011 Oracle Corporation Key Management Station Token to Transport Keys 32
Key Takeways • Public and Private Clouds share the same Security Requirements • “Cloud Thinking” wrt/Security – Increases security concerns from day one – Involves all the stakeholders from day one • Investing in “Cloud Technologies” Requires to Shift Minds and Impacts the “Complete Stack” • Whatever you think to do with “Cloud”, Infrastructure Always Matter © 2011 Oracle Corporation 33
Oracle Security is Complete © 2011 Oracle Corporation 34
Q&A © 2011 Oracle Corporation 35
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. © 2011 Oracle Corporation 36
© 2011 Oracle Corporation 37
Trust in Cloud Computing with Transparent Security • Governance, Information Security and Transparency are interrelated concepts • Security Governance: can rely on an ISMS based (iso27001/2) • Transparency is related the disclosure of governance frameworks between cloud SP and users. Sources: http://blogs.barrons.com/techtraderdaily/ http://blog.talkingidentity.com © 2011 Oracle Corporation 38
Data Encryption Matters • The Best Way to Destroy Data in a Hurry is: Encrypt Your Data and Destroy Only the Key • The Best Way to Protect Data Efficiently is: Encrypt Your Data and Protect Only the Key • Data in Creation, Data in Transit, Data at Rest • At All Layers of the Stack © 2011 Oracle Corporation 39

Recomendados

Enterprise PaaS, Cloud-Native Architecture and Microservices
Enterprise PaaS, Cloud-Native Architecture and MicroservicesEnterprise PaaS, Cloud-Native Architecture and Microservices
Enterprise PaaS, Cloud-Native Architecture and Microservices
Florian Georg
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
guest536dd0e
 
Cloud Oracle
Cloud Oracle Cloud Oracle
Cloud Oracle
Fran Navarro
 
Media Workloads in the Cloud
Media Workloads in the CloudMedia Workloads in the Cloud
Media Workloads in the Cloud
CloudSigma
 
2015: The Year Hybrid Cloud Goes Mainstream
2015: The Year Hybrid Cloud Goes Mainstream2015: The Year Hybrid Cloud Goes Mainstream
2015: The Year Hybrid Cloud Goes Mainstream
Ingram Micro Cloud
 
Solaris11 1 Evento Boot
Solaris11 1 Evento BootSolaris11 1 Evento Boot
Solaris11 1 Evento Boot
Fran Navarro
 
Mobility &amp; security Microsoft SPE5 By Bipeen Sinha
Mobility &amp; security Microsoft SPE5 By Bipeen SinhaMobility &amp; security Microsoft SPE5 By Bipeen Sinha
Mobility &amp; security Microsoft SPE5 By Bipeen Sinha
Bipeen Sinha
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Graeme Wood
 

Recomendados

Enterprise PaaS, Cloud-Native Architecture and Microservices
Enterprise PaaS, Cloud-Native Architecture and MicroservicesEnterprise PaaS, Cloud-Native Architecture and Microservices
Enterprise PaaS, Cloud-Native Architecture and Microservices
Florian Georg
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
guest536dd0e
 
Cloud Oracle
Cloud Oracle Cloud Oracle
Cloud Oracle
Fran Navarro
 
Media Workloads in the Cloud
Media Workloads in the CloudMedia Workloads in the Cloud
Media Workloads in the Cloud
CloudSigma
 
2015: The Year Hybrid Cloud Goes Mainstream
2015: The Year Hybrid Cloud Goes Mainstream2015: The Year Hybrid Cloud Goes Mainstream
2015: The Year Hybrid Cloud Goes Mainstream
Ingram Micro Cloud
 
Solaris11 1 Evento Boot
Solaris11 1 Evento BootSolaris11 1 Evento Boot
Solaris11 1 Evento Boot
Fran Navarro
 
Mobility &amp; security Microsoft SPE5 By Bipeen Sinha
Mobility &amp; security Microsoft SPE5 By Bipeen SinhaMobility &amp; security Microsoft SPE5 By Bipeen Sinha
Mobility &amp; security Microsoft SPE5 By Bipeen Sinha
Bipeen Sinha
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Graeme Wood
 
Microsoft azure - the cloud for modern business
Microsoft azure - the cloud for modern businessMicrosoft azure - the cloud for modern business
Microsoft azure - the cloud for modern business
Vinh Nguyen Quang
 
Exadata Cloud Service Overview(v2)
Exadata Cloud Service Overview(v2) Exadata Cloud Service Overview(v2)
Exadata Cloud Service Overview(v2)
Okcan Yasin Saygılı
 
Solix EDMS and Oracle Exadata: Transitioning to the Private Cloud
Solix EDMS and Oracle Exadata: Transitioning to the Private CloudSolix EDMS and Oracle Exadata: Transitioning to the Private Cloud
Solix EDMS and Oracle Exadata: Transitioning to the Private Cloud
Frank Morris
 
Cloud Services Integration Automation-External
Cloud Services Integration Automation-ExternalCloud Services Integration Automation-External
Cloud Services Integration Automation-External
Sukumar Nayak
 
PECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service ManagementPECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service Management
PECB
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
Karina Matos
 
Integration Cloud Service Deep dive
Integration Cloud Service Deep diveIntegration Cloud Service Deep dive
Integration Cloud Service Deep dive
Getting value from IoT, Integration and Data Analytics
 
Create B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overviewCreate B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overview
Cisco DevNet
 
Presentation cisco ucs director
Presentation cisco ucs directorPresentation cisco ucs director
Presentation cisco ucs director
solarisyougood
 
From OpenStack.... towards an Open cloud architecture
From OpenStack.... towards an Open cloud architecture From OpenStack.... towards an Open cloud architecture
From OpenStack.... towards an Open cloud architecture
Claude Riousset
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing security
Aung Thu Rha Hein
 
XO Enterprise Cloud
XO Enterprise CloudXO Enterprise Cloud
XO Enterprise Cloud
Mari Hansen
 
Building a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity Management
OracleIDM
 
GIS Into to Cloud Microsoft Azure
GIS Into to Cloud Microsoft Azure GIS Into to Cloud Microsoft Azure
GIS Into to Cloud Microsoft Azure
Usama Wahab Khan Cloud, Data and AI
 
DELLEMC_Portfolio_hyperlinks_Complete
DELLEMC_Portfolio_hyperlinks_CompleteDELLEMC_Portfolio_hyperlinks_Complete
DELLEMC_Portfolio_hyperlinks_Complete
DELLEMC Technologies
 
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-ServiceSun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
Callidus Software
 
Cisco Data Center Orchestration Solution
Cisco Data Center Orchestration SolutionCisco Data Center Orchestration Solution
Cisco Data Center Orchestration Solution
Cisco Canada
 
VMworld 2015: Introducing Application Self service with Networking and Security
VMworld 2015: Introducing Application Self service with Networking and SecurityVMworld 2015: Introducing Application Self service with Networking and Security
VMworld 2015: Introducing Application Self service with Networking and Security
VMworld
 
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!
MarketingArrowECS_CZ
 
Citrix Netscaler Deployment Guide
Citrix Netscaler Deployment GuideCitrix Netscaler Deployment Guide
Citrix Netscaler Deployment Guide
Citrix
 
Analytics and Lakehouse Integration Options for Oracle Applications
Analytics and Lakehouse Integration Options for Oracle ApplicationsAnalytics and Lakehouse Integration Options for Oracle Applications
Analytics and Lakehouse Integration Options for Oracle Applications
Ray Février
 
Roadmap to Enterprise Cloud Computing
Roadmap to Enterprise Cloud ComputingRoadmap to Enterprise Cloud Computing
Roadmap to Enterprise Cloud Computing
Rex Wang
 

Mais conteúdo relacionado

Mais procurados

Cloud Services Integration Automation-External
Cloud Services Integration Automation-ExternalCloud Services Integration Automation-External
Cloud Services Integration Automation-External
Sukumar Nayak
 
Create B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overviewCreate B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overview
Cisco DevNet
 
Building a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity Management
OracleIDM
 
DELLEMC_Portfolio_hyperlinks_Complete
DELLEMC_Portfolio_hyperlinks_CompleteDELLEMC_Portfolio_hyperlinks_Complete
DELLEMC_Portfolio_hyperlinks_Complete
DELLEMC Technologies
 
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-ServiceSun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
Callidus Software
 
Cisco Data Center Orchestration Solution
Cisco Data Center Orchestration SolutionCisco Data Center Orchestration Solution
Cisco Data Center Orchestration Solution
Cisco Canada
 

Mais procurados (20)

Microsoft azure - the cloud for modern business
Microsoft azure - the cloud for modern businessMicrosoft azure - the cloud for modern business
Microsoft azure - the cloud for modern business
 
Exadata Cloud Service Overview(v2)
Exadata Cloud Service Overview(v2) Exadata Cloud Service Overview(v2)
Exadata Cloud Service Overview(v2)
 
Solix EDMS and Oracle Exadata: Transitioning to the Private Cloud
Solix EDMS and Oracle Exadata: Transitioning to the Private CloudSolix EDMS and Oracle Exadata: Transitioning to the Private Cloud
Solix EDMS and Oracle Exadata: Transitioning to the Private Cloud
 
Cloud Services Integration Automation-External
Cloud Services Integration Automation-ExternalCloud Services Integration Automation-External
Cloud Services Integration Automation-External
 
PECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service ManagementPECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service Management
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
Integration Cloud Service Deep dive
Integration Cloud Service Deep diveIntegration Cloud Service Deep dive
Integration Cloud Service Deep dive
 
Create B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overviewCreate B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overview
 
Presentation cisco ucs director
Presentation cisco ucs directorPresentation cisco ucs director
Presentation cisco ucs director
 
From OpenStack.... towards an Open cloud architecture
From OpenStack.... towards an Open cloud architecture From OpenStack.... towards an Open cloud architecture
From OpenStack.... towards an Open cloud architecture
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing security
 
XO Enterprise Cloud
XO Enterprise CloudXO Enterprise Cloud
XO Enterprise Cloud
 
Building a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity Management
 
GIS Into to Cloud Microsoft Azure
GIS Into to Cloud Microsoft Azure GIS Into to Cloud Microsoft Azure
GIS Into to Cloud Microsoft Azure
 
DELLEMC_Portfolio_hyperlinks_Complete
DELLEMC_Portfolio_hyperlinks_CompleteDELLEMC_Portfolio_hyperlinks_Complete
DELLEMC_Portfolio_hyperlinks_Complete
 
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-ServiceSun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
 
Cisco Data Center Orchestration Solution
Cisco Data Center Orchestration SolutionCisco Data Center Orchestration Solution
Cisco Data Center Orchestration Solution
 
VMworld 2015: Introducing Application Self service with Networking and Security
VMworld 2015: Introducing Application Self service with Networking and SecurityVMworld 2015: Introducing Application Self service with Networking and Security
VMworld 2015: Introducing Application Self service with Networking and Security
 
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!
 
Citrix Netscaler Deployment Guide
Citrix Netscaler Deployment GuideCitrix Netscaler Deployment Guide
Citrix Netscaler Deployment Guide
 

Semelhante a Lucw lsec-securit-20110907-4-final-5

Analytics and Lakehouse Integration Options for Oracle Applications
Analytics and Lakehouse Integration Options for Oracle ApplicationsAnalytics and Lakehouse Integration Options for Oracle Applications
Analytics and Lakehouse Integration Options for Oracle Applications
Ray Février
 
C1 oracle's cloud computing strategy your strategy-your cloud_your choice
C1 oracle's cloud computing strategy your strategy-your cloud_your choiceC1 oracle's cloud computing strategy your strategy-your cloud_your choice
C1 oracle's cloud computing strategy your strategy-your cloud_your choice
Dr. Wilfred Lin (Ph.D.)
 

Semelhante a Lucw lsec-securit-20110907-4-final-5 (20)

Analytics and Lakehouse Integration Options for Oracle Applications
Analytics and Lakehouse Integration Options for Oracle ApplicationsAnalytics and Lakehouse Integration Options for Oracle Applications
Analytics and Lakehouse Integration Options for Oracle Applications
 
Roadmap to Enterprise Cloud Computing
Roadmap to Enterprise Cloud ComputingRoadmap to Enterprise Cloud Computing
Roadmap to Enterprise Cloud Computing
 
Oracle cloud oagi
Oracle cloud oagiOracle cloud oagi
Oracle cloud oagi
 
Private Cloud Database Consolidation
Private Cloud Database ConsolidationPrivate Cloud Database Consolidation
Private Cloud Database Consolidation
 
Apex day 1.0 oracle cloud news_andrej valach
Apex day 1.0 oracle cloud news_andrej valachApex day 1.0 oracle cloud news_andrej valach
Apex day 1.0 oracle cloud news_andrej valach
 
C1 oracle's cloud computing strategy your strategy-your cloud_your choice
C1 oracle's cloud computing strategy your strategy-your cloud_your choiceC1 oracle's cloud computing strategy your strategy-your cloud_your choice
C1 oracle's cloud computing strategy your strategy-your cloud_your choice
 
Oracle Keynote Cloud Expo 11-04-09
Oracle Keynote Cloud Expo 11-04-09Oracle Keynote Cloud Expo 11-04-09
Oracle Keynote Cloud Expo 11-04-09
 
Cloud & Oracle FMW
Cloud & Oracle FMWCloud & Oracle FMW
Cloud & Oracle FMW
 
Oracle Cloud Overview - Day1 (1)-converted.pptx
Oracle Cloud Overview - Day1 (1)-converted.pptxOracle Cloud Overview - Day1 (1)-converted.pptx
Oracle Cloud Overview - Day1 (1)-converted.pptx
 
Eci sparc
Eci sparcEci sparc
Eci sparc
 
Why Cloud Management Makes Sense
Why Cloud Management Makes SenseWhy Cloud Management Makes Sense
Why Cloud Management Makes Sense
 
Iaas storage-170302090824
Iaas storage-170302090824Iaas storage-170302090824
Iaas storage-170302090824
 
Hybridní cloud s F5 v prostředí kontejnerů
Hybridní cloud s F5 v prostředí kontejnerůHybridní cloud s F5 v prostředí kontejnerů
Hybridní cloud s F5 v prostředí kontejnerů
 
Top 10 reasons to adopt cloud
Top 10 reasons to adopt cloudTop 10 reasons to adopt cloud
Top 10 reasons to adopt cloud
 
Multidisziplinäre Analyseanwendungen auf einer gemeinsamen Datenplattform ers...
Multidisziplinäre Analyseanwendungen auf einer gemeinsamen Datenplattform ers...Multidisziplinäre Analyseanwendungen auf einer gemeinsamen Datenplattform ers...
Multidisziplinäre Analyseanwendungen auf einer gemeinsamen Datenplattform ers...
 
Cloud Made Easy - August 2017
Cloud Made Easy - August 2017Cloud Made Easy - August 2017
Cloud Made Easy - August 2017
 
Extending The Value Of Oracle Crm On Demand Through Cloud Based Extensibility
Extending The Value Of Oracle Crm On Demand Through Cloud Based ExtensibilityExtending The Value Of Oracle Crm On Demand Through Cloud Based Extensibility
Extending The Value Of Oracle Crm On Demand Through Cloud Based Extensibility
 
IaaS Cloud Providers: A comparative analysis
IaaS Cloud Providers: A comparative analysisIaaS Cloud Providers: A comparative analysis
IaaS Cloud Providers: A comparative analysis
 
Oracle Cloud Computing Strategy
Oracle Cloud Computing StrategyOracle Cloud Computing Strategy
Oracle Cloud Computing Strategy
 
Michał Wawrzyński @ "Oracle Systems jako infrastruktura dla chmur prywatnych"...
Michał Wawrzyński @ "Oracle Systems jako infrastruktura dla chmur prywatnych"...Michał Wawrzyński @ "Oracle Systems jako infrastruktura dla chmur prywatnych"...
Michał Wawrzyński @ "Oracle Systems jako infrastruktura dla chmur prywatnych"...
 

Último

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Último (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Lucw lsec-securit-20110907-4-final-5

  • 2. <Insert Picture Here> Data Security in the Cloud Luc Wijns Chief Technologist Systems Benelux
  • 3. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. © 2011 Oracle Corporation 3
  • 4. NIST Definition of Cloud Computing Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of: 5 Essential Characteristics • On-demand self-service • Resource pooling • Rapid elasticity • Measured service • Broad network access ©Source: NIST Corporation Cloud Computing v15 2011 Oracle Definition of 3 Service Models • SaaS • PaaS • IaaS 4 Deployment Models • Public Cloud • Private Cloud • Community Cloud • Hybrid Cloud 4
  • 5. Fear, Uncertainty & Doubt: FUD • …”Cloud Computing is not Secure”… ? • Can Cloud Computing be as Secure as on-premises Data Centers ? • Can Cloud Computing be Compliant ? • What About: “Cloud Computing cannot meet the Common Needs Because Customers won’t let their Data leave their Country.” ? • “We must move all to the Clouds or we won’t be competitive anymore…”?!? • …..etc …. © 2011 Oracle Corporation 5
  • 6. In the Cloud Threats do not Change Security guru Bruce Schneier says that whatever cloud computing is, the security issues and conversations around it are nothing new. The key, he says, always comes down to trust and transparency. By Dahna McConnachie Technology & Business March 31, 2009 http://www.schneier.com/news-083.html © 2011 Oracle Corporation 6
  • 7. Security Concerns Don’t Change Identification Authentication Authorization Accountability Confidentiality Integrity Privacy Non-repudiation Availability © 2011 Oracle Corporation 7 7
  • 8. Which is “Best” for which Context ? © 2011 Oracle Corporation 8
  • 9. Service Models and Transparency Cloud Infrastructure Cloud Infrastructure Cloud Infrastructure IaaS PaaS PaaS SaaS SaaS SaaS Cloud Infrastructure Cloud Infrastructure IaaS PaaS Cloud Infrastructure IaaS © 2011 Oracle Corporation PaaS Software as a Service (SaaS) Architectures Platform as a Service (PaaS) Architectures Infrastructure as a Service (IaaS) Architectures 9
  • 10. Road To Security Maturity Infrastructure Maturity Governance Performance Management Level 5 Business Value Management Automation Level 4 IT Service Management Virtualization Level 3 IT Operation Management Level 2 IT Component Management End-to-end services provisioning Infrastructure on demand Infrastructure virtualization Industrialization Standardization Consolidation Level 1 Crisis Control Business Value © 2011 Oracle Corporation 10
  • 11. Oracle Cloud Computing Strategy Our objectives: • Ensure that cloud computing is fully enterprise grade • Support both public and private cloud computing – give customers choice Oracle Applications Oracle On Demand Public Clouds SaaS SaaS PaaS PaaS IaaS IaaS Oracle Technology in public clouds © 2011 Oracle Corporation I N T E R N E T Private Cloud I N T R A N E T Apps SaaS PaaS PaaS IaaS IaaS Users Oracle Private PaaS 11
  • 12. Oracle On Demand – Security (SaaS) • Compliance Rules are implemented Everywhere • Example: HIPAA Service Provider for Healthcare • Compliant with the Technical, Physical and Administrative Safeguards • HITECH Requires Business Associates (Services Providers) to be Compliant • ISO27000 Certificate 1/2 © 2011 Oracle Corporation 12
  • 13. Compliance Requirements FERPA Student Records Federal Educational Rights & Privacy Act © 2011 Oracle Corporation Data privacy laws HR Most US states + foreign countries PCI-DSS Orders Payment Card Industry-Data Security Standards SOX Finance Sarbanes-Oxley HIPAA/ HITECH Patient Records Health Information Technology for Economic & Clinical Health Act 13
  • 14. Oracle Private Cloud Solution Applications 3rd Party Apps Cloud Management Oracle Apps Oracle Enterprise Manager ISV Apps Application Performance Mgmt Platform as a Service Integration: SOA Suite Process Mgmt: BPM Suite Security: Identity Mgmt User Interaction: WebCenter Application Grid: WebLogic Server, Coherence, Tuxedo, JRockit Database Grid: Oracle Database, RAC, ASM, Partitioning, IMDB Cache, Active Data Guard, Database Security Lifecycle Management Configuration Management Application Quality Mgmt Infrastructure as a Service Oracle Solaris Operating Systems: Oracle Enterprise Linux Oracle Oracle VM for SPARC (LDom) Solaris Containers Ops Center Oracle VM for x86 Servers Physical & Virtual Systems Mgmt Storage © 2011 Oracle Corporation 14
  • 15. Access Cloud Architecture – Logical View Interfaces Native Protocols Portals Custom UIs Self-Service APIs Facilities Proxy Perimeter Security Naming Balancing User Interaction / self service PaaS Data Queue Container IaaS Application Server Network Security / Policy Mgmt Model Mgmt Provisioning Customer info model Service catalog Mediation, Policy enforcement Storage Resources vDCs Logical Pools Physical Pools © 2011 Oracle Corporation Compute Compute Networks Networks Storage Storage Other Other Pool Managers Service Mgmt Monitoring Capacity mgmt. Metering & Billing Resource mgmt. Clouds Cloud Management Services SaaS Business Process Business Service External Legacy Partners 15
  • 16. Identify Roles and Interactions Cloud Implies Changes in IT Roles Models Service App Owner User uses service Monitors & Approves Services Developer Creates Services DevOps Packages & Deploys Services Monitor/manages cloud Cloud Operator creates resources Cloud Builder © 2011 Oracle Corporation 16
  • 17. Oracle Defense-in-Depth © 2011 Oracle Corporation 17
  • 18. Oracle Security Inside Out Infrastructure Security • • • • Hardware Accelerated Encryption Secure Key Management and Storage Strong Workload Isolation Secure Service Delivery Platforms Database Security Infrastructure Databases Middleware Applications • • • • • • Encryption and Masking Privileged User Controls Multi-Factor Authorization Activity Monitoring and Audit Secure Configuration Monitor and Block Middleware Information • • • • • User and Role Management Access Management Virtual Directories Rights Management Identity Governance Applications • • • • © 2011 Oracle Corporation Comprehensive Compliance Mgmt. Centralized Policy Administration Access Management Track and Audit Content and Usage 18
  • 20. Infrastructure Security Foundation © 2011 Oracle Corporation 20
  • 21. Infrastructure and Cryptography © 2011 Oracle Corporation 21
  • 22. Solaris Security   Secure Service Containers User and Process Rights Management   Cryptographic Framework  Comprehensive Auditing  Solaris Trusted Extensions  © 2011 Oracle Corporation Secure Network Access Common Criteria Evaluated (EAL4+) 22
  • 23. Solaris Zones: Immutable Service Containers © 2011 Oracle Corporation 23
  • 24. Infrastructure and Cryptography © 2011 Oracle Corporation 24
  • 25. How to Destroy Data in a Hurry • Delete File: No • Over writing the data: No • Shoot the drive: No • Security Erase: No • De-Gaussing: No or at High Cost • Melting : No or at High Cost • Shreding : No or at High Cost © 2011 Oracle Corporation 25
  • 26. ZFS Hybrid Storage Pool Encryption Solaris 11 Express brings Encryption to ZFS Hybrid Storage Pools • DRAM/ARC is not Encrypted – But you can protect swapped out pages (encrypted swap ZVOL) • L2ARC is always encrypted (ephemeral keys) • ZIL is always encrypted (on-disk or on-SSD) • On Disk data is always encrypted © 2011 Oracle Corporation DRAM/ ARC Write/ ZIL Flash Read/ L2ARC Flash Scalable Large Capacity SAS Disks 26
  • 27. Full Disk Encryption (FDE)?  Almost 100% transparent to the User    You will probably to enter a password at boot time 0% performance impact if encrypt/decrypt in firmware Hardware is filesystem agnostic         © 2011 Oracle Corporation No Access to Ciphertext Is it really encrypted ? No known versions with data encryption key change Same keylen/algorithm/mode for complete disk A lot of data with same key Need HW change to change algorithm No Enterprise SSD doing Crypto Not aware of Raid Volumes 27
  • 28. ZFS Filesystem & Dataset Encryption • More Flexibility in Software • Easiest for Key Management • Single multi-disk pool or per dataset wrapping keys • Keys are agnostic of Raid config • Wrapping and Data endryption change • Algorithm/kelen/mode change © Corporation – Proprietary and Confidential © 2010 Oracle 2011 Oracle Corporation • Integrate with SSDs (HSP) • Ciphertext is visible • Encrypt Snapshot and Clones • Compression, encryption, & deduplication work together • Integrating with the host & operating system crypto infrastructure (SW and HW) 28
  • 29. Infrastructure and Cryptography © 2011 Oracle Corporation 29
  • 30. Cryptographic Capabilities and Algorithms T3 Processor 30 © 2011 Oracle Corporation 30
  • 31. Infrastructure and Cryptography © 2011 Oracle Corporation 31
  • 32. Three Key Elements Needed for Data Encryption on Removable Media Crypto-Ready Tape Drive © 2011 Oracle Corporation Key Management Station Token to Transport Keys 32
  • 33. Key Takeways • Public and Private Clouds share the same Security Requirements • “Cloud Thinking” wrt/Security – Increases security concerns from day one – Involves all the stakeholders from day one • Investing in “Cloud Technologies” Requires to Shift Minds and Impacts the “Complete Stack” • Whatever you think to do with “Cloud”, Infrastructure Always Matter © 2011 Oracle Corporation 33
  • 34. Oracle Security is Complete © 2011 Oracle Corporation 34
  • 35. Q&A © 2011 Oracle Corporation 35
  • 36. The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. © 2011 Oracle Corporation 36
  • 37. © 2011 Oracle Corporation 37
  • 38. Trust in Cloud Computing with Transparent Security • Governance, Information Security and Transparency are interrelated concepts • Security Governance: can rely on an ISMS based (iso27001/2) • Transparency is related the disclosure of governance frameworks between cloud SP and users. Sources: http://blogs.barrons.com/techtraderdaily/ http://blog.talkingidentity.com © 2011 Oracle Corporation 38
  • 39. Data Encryption Matters • The Best Way to Destroy Data in a Hurry is: Encrypt Your Data and Destroy Only the Key • The Best Way to Protect Data Efficiently is: Encrypt Your Data and Protect Only the Key • Data in Creation, Data in Transit, Data at Rest • At All Layers of the Stack © 2011 Oracle Corporation 39