New Security Models for the Cloud
Anne Thomas Manes, VP & Research Director, Burton Group
amanes@burtongroup.com | www.burtongroup.com | Twitter: @atmanes
November 19, 2009

All Contents © 2009 Burton Group. All rights reserved.

Cloud Computing
The set of disciplines, technologies, and business models used to deliver IT capabilities (software, platforms, hardware) as on-demand, scalable, elastic services.
[Figure captions: “How can I make this...” / “Look more like this?”]

Security - Who is in control?
What…Me Worry?
• Public cloud’s multi-tenant, dynamic characteristics may put sensitive or regulated data at risk
• Vendor viability creates strategic risk
• Denial of service attacks could create systemic risk
• A lack of transparency and accountability about security from cloud vendors lowers trust
IDC survey: 74% rate cloud security issues as “very significant”

How’s the Public Cloud Security?
Incidents
• November 2007: Salesforce Staff Speared by Phishers
• July 2008: Hey Spammers, Get Off My Cloud!
• March 2009: Google Privacy Blunder Shares Your Docs…
• June 2009: Webhost hack wipes out data for 100,000 sites
• October 2009: Amazon Web Services DDoS Attack And The Cloud
• More at http://wiki.cloudcommunity.org/wiki/CloudComputing:Incidents_Database

Cloud Computing Requires a New Security Architecture
• Virtual data centers
• Service oriented interfaces
• Next generation operating systems and management tools
[Diagram labels: Service consumer; Service request (console or API); Service interface; Service catalog; Enterprise service management; Internal IT organization / Traditional infrastructure; Cloud: Cloud management, Virtual DC (×3), Cloud OS, Service bus, Virtual infrastructure management, Virtual infrastructure, Physical infrastructure; External application(s); External service provider: Service interface, Cloud OS, Virtual infrastructure, Physical infrastructure; layers in each tier: Compute, Network, Storage, Security]

Rethinking Security Architecture
Security perimeters are changing
• Activities and data move across open, untrusted networks
• “Zones of trust” must become more logical than physical
  • Identity and application-aware firewalls
• Security vendors must embrace virtualization security
• Security management must span internal and external clouds

Rethinking Security Architecture
Service-oriented security and identity management
• Security must span internal and external clouds
• Service oriented interfaces must be secured
• Existing domain access control must give way to standards-based identity services
  • Multiple sources of identity
• Encryption and key management must “follow” sensitive data

Security Zone Model
Zone definition: “A grouping of IT resources which may reside at multiple locations but have similar business communication and network protection requirements”
A typical organization has the equivalent of some or all of these zones.
[Zone diagram; * Audit zone optional]

Changing Zone Implementations
Physical view – “old school” zone implementation
Separation between the enterprise resources (sites, servers, devices) and the untrusted zone accomplished by perimeter devices.
[Diagram labels: Enterprise controlled/owned user site (not necessarily secure endpoint; not necessarily secure protocols) – Site to site VPN or private WAN – Enterprise controlled/owned data center (access perimeter; monitoring and enforcement; server “farm”) – Internet]

Changing Zone Implementations
Physical view – “new school” zone implementation
Separation between the enterprise resources (sites, servers, devices) and the untrusted zone accomplished by cryptography, e.g. security overlays (resulting in this kind of topology).
[Diagram labels: Secure endpoint (VPN client, system firewall, etc.) – Secure protocols over any network or site – VPN or proxy system – End to end security – Enterprise controlled/owned data center (access perimeter; monitoring and enforcement; server “farm”)]

Dynamic Perimeter Enforcement
New model: Logical zones with dynamic perimeters
• Numerous, coordinated endpoint security agents
  • Centralized policy controls connection rules
• Smarter firewalls
• Smarter switching fabric
• Common theme: Multi-layer enforcement (L4 + L7)
  • Access decisions based on identity and application protocol, not just IP address and port

Mutually Reinforcing SOA and Security
• SOA adds a new dimension to the security landscape
  • Loosely coupled connections
  • Requirements for cross-domain federation
  • Don’t assume the average developer understands all the issues
  • Don’t assume that all services can safely combine in all security contexts
• Recommended strategy
  • Build on existing IdM strategy
  • Externalize security as much as possible (e.g. authentication, authorization, crypto, audit)
  • Combine transport-level and application-level protections
  • Use layered defenses
  • Establish good governance processes

Applying SOA to Security
Layered defenses
• Policy enforcement points (PEPs) as intermediaries and at endpoints
• Externalize security functions to the PEPs
[Diagram labels: External services → Firewalls (perimeter PEPs) → Centralized PEP in the DMZ → Intermediary PEPs → Endpoint PEPs, one in front of each Service]

Mediation in the Cloud
Cloud broker or gateway product
Typical functionality
• Secure communications
• Multi-protocol
• Enforce policy
• Authentication
• Access control
• Logging and audit
[Diagram labels: Firewall – Cloud gateway. Source of diagram: Layer7 (originally concerning the SecureSpan product)]

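The Dynamic Perimeter Enforcement slide asks for access decisions based on identity and application protocol rather than only IP address and port, and the Mediation in the Cloud slide lists what a gateway must do with each request (authentication, access control, policy enforcement, logging and audit). The Python below is an added example written for this page to show both at once; it is not code from the slides, from Burton Group, or from any Layer 7 product. The identities, tokens, addresses, rules and sample requests are all constructed, and the `DIRECTORY` table is a stand-in for a real identity service.

```python
"""Identity- and application-aware policy enforcement point (PEP).

Added example (not from the original slides). A request passes an "old
school" L4 check (source network + destination port), is then authenticated
and checked at L7 (identity, application protocol, operation), and every
verdict is written to an audit log. All data below is constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Request:
    src_ip: str
    dst_port: int
    protocol: str            # application protocol seen by the L7 inspector
    method: str              # HTTP method or SOAP action
    path: str
    token: Optional[str]     # bearer credential presented by the caller


@dataclass(frozen=True)
class Decision:
    allowed: bool
    layer: str               # layer that produced the verdict: "L4" or "L7"
    reason: str
    identity: Optional[str] = None


# Constructed stand-in for token introspection against the enterprise
# directory / identity service: opaque token -> subject and roles.
DIRECTORY = {
    "tok-alice": {"sub": "alice", "roles": {"billing"}},
    "tok-bob":   {"sub": "bob",   "roles": {"developer"}},
}

# "Old school" L4 rule: which networks may reach which ports.
L4_ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
L4_ALLOWED_PORTS = {443, 8443}

# "New school" L7 rules: (required role, protocol, method, path prefix).
L7_RULES = [
    ("billing",   "http", "GET",  "/api/orders"),
    ("billing",   "http", "POST", "/api/orders"),
    ("developer", "http", "GET",  "/api/health"),
]

AUDIT_LOG: list = []


def authenticate(token):
    """Resolve a bearer token to an identity record, or None if unknown."""
    return DIRECTORY.get(token) if token else None


def l4_decide(req):
    """Network-layer check: source network and destination port only."""
    ip = ipaddress.ip_address(req.src_ip)
    if not any(ip in net for net in L4_ALLOWED_NETS):
        return Decision(False, "L4", f"source {req.src_ip} outside trusted networks")
    if req.dst_port not in L4_ALLOWED_PORTS:
        return Decision(False, "L4", f"port {req.dst_port} not permitted")
    return Decision(True, "L4", "network and port allowed")


def l7_decide(req, identity):
    """Application-layer check: who is calling, over what protocol, doing what."""
    if identity is None:
        return Decision(False, "L7", "no authenticated identity")
    for role, proto, method, prefix in L7_RULES:
        if (role in identity["roles"] and req.protocol == proto
                and req.method == method and req.path.startswith(prefix)):
            return Decision(True, "L7", f"rule matched for role {role}", identity["sub"])
    return Decision(False, "L7",
                    f"no rule for {req.protocol} {req.method} {req.path}", identity["sub"])


def enforce(req):
    """Full PEP pipeline: L4, then authentication + L7, then audit record."""
    decision = l4_decide(req)
    if decision.allowed:
        decision = l7_decide(req, authenticate(req.token))
    AUDIT_LOG.append({"src": req.src_ip, "port": req.dst_port, "protocol": req.protocol,
                      "op": f"{req.method} {req.path}", "identity": decision.identity,
                      "allowed": decision.allowed, "layer": decision.layer,
                      "reason": decision.reason})
    return decision


# Constructed sample traffic: same trusted network and port in three cases.
SAMPLES = {
    "billing_read":  Request("10.1.2.3", 443, "http", "GET",  "/api/orders/42", "tok-alice"),
    "ssh_over_443":  Request("10.1.2.3", 443, "ssh",  "-",    "-",              None),
    "dev_writes":    Request("10.1.2.3", 443, "http", "POST", "/api/orders",    "tok-bob"),
    "external_user": Request("203.0.113.9", 443, "http", "GET", "/api/orders", "tok-alice"),
}


def run_demo():
    """Run every sample through the PEP and return name -> Decision."""
    return {name: enforce(req) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, d in run_demo().items():
        print(f"{name:14s} {'ALLOW' if d.allowed else 'DENY':5s} [{d.layer}] {d.reason}")
```

The point of the three same-address samples is that an IP/port rule alone would pass all of them; only the identity- and protocol-aware layer separates the authorized billing read from a non-HTTP session on port 443 and from a developer writing to an orders API. The external source is still stopped at L4, which is the "L4 + L7" layering the slide asks for.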
New Security Models for the Cloud
Recommendations and takeaways
• Think “service-oriented” when you’re thinking cloud
• Mutually reinforce SOA and security:
  • Secure communications methods
  • Layered defense
  • Good governance
• Consider cloud brokers to enforce policies in the cloud

New Security Model Requirements for the Cloud
Enabling Safe Cloud Computing
K. Scott Morrison, CTO & Chief Architect, Layer 7 Technologies

Trust is the fundamental requirement of cloud computing
Anne showed us we need to:
• Understand Risk
• Control Boundaries
Trust is the measure of your confidence in these.

But How Do We Gain Control Over SaaS?
Consider the degrees of freedom SOA offers us.

Pattern 1: Assert Outgoing Control
• Single Sign On
• Managed access to authorized services
• SLA enforcement
• Audit
[Diagram labels: Directory – Firewall – NetOps]

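Pattern 1 puts a broker between internal users and external SaaS so the enterprise, not the SaaS, decides who goes out, to which services, how often, and with a record of it. The Python below is an added example for this page, not code from the slides or from Layer 7's product: an internal SSO session is exchanged for a short-lived assertion bound to one approved service, services outside the catalogue are refused, a per-service call budget stands in for SLA enforcement, and every attempt is audited. The users, sessions, service catalogue, signing key and timings are all constructed; the receiving service's check is shown as `verify_assertion` so the round trip is visible.

```python
"""Outbound cloud broker for the "Assert Outgoing Control" pattern.

Added example (not from the original slides). The broker holds the only
signing key; the SaaS side would verify the audience-bound, time-limited
assertion instead of seeing the user's internal session. All data below
is constructed for the demo.
"""
import hashlib
import hmac
import json
import time
from collections import defaultdict, deque

BROKER_KEY = b"constructed-broker-signing-key"   # would live in an HSM or vault
ASSERTION_TTL = 300                              # seconds an assertion stays valid

# Internal SSO sessions (constructed stand-in for the enterprise directory).
SESSIONS = {
    "sess-carol": {"sub": "carol", "roles": {"sales"}},
    "sess-dave":  {"sub": "dave",  "roles": {"developer"}},
}

# Approved SaaS catalogue: role needed, plus SLA budget of `calls` per `window` s.
AUTHORIZED_SERVICES = {
    "crm":     {"audience": "https://crm.example.test", "role": "sales", "calls": 2, "window": 60},
    "payroll": {"audience": "https://hr.example.test",  "role": "hr",    "calls": 5, "window": 60},
}

AUDIT_LOG = []
_windows = defaultdict(deque)    # service -> timestamps of calls inside the window


def mint_assertion(subject, audience, now):
    """Sign a minimal assertion bound to one service (audience) and time-limited."""
    body = json.dumps({"sub": subject, "aud": audience, "exp": now + ASSERTION_TTL},
                      sort_keys=True)
    tag = hmac.new(BROKER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "|" + tag


def verify_assertion(assertion, audience, now):
    """What the receiving service checks: signature, audience and expiry."""
    body, _, tag = assertion.rpartition("|")
    expected = hmac.new(BROKER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    claims = json.loads(body)
    if claims["aud"] != audience or claims["exp"] <= now:
        return None
    return claims


def within_sla(service, now):
    """Sliding-window budget: forget old calls, refuse when the window is full."""
    cfg = AUTHORIZED_SERVICES[service]
    window = _windows[service]
    while window and window[0] <= now - cfg["window"]:
        window.popleft()
    if len(window) >= cfg["calls"]:
        return False
    window.append(now)
    return True


def broker(session_id, service, now=None):
    """Exchange an internal session for a service-bound assertion, or refuse."""
    now = time.time() if now is None else now
    outcome = {"ok": False, "reason": "", "assertion": None, "target": None}
    user = SESSIONS.get(session_id)
    cfg = AUTHORIZED_SERVICES.get(service)
    if user is None:
        outcome["reason"] = "no valid SSO session"
    elif cfg is None:
        outcome["reason"] = f"{service} is not an authorized service"
    elif cfg["role"] not in user["roles"]:
        outcome["reason"] = f"{user['sub']} lacks role {cfg['role']}"
    elif not within_sla(service, now):
        outcome["reason"] = f"call budget for {service} exhausted"
    else:
        outcome.update(ok=True, reason="assertion issued",
                       assertion=mint_assertion(user["sub"], cfg["audience"], now),
                       target=cfg["audience"])
    AUDIT_LOG.append({"t": now, "session": session_id, "user": user and user["sub"],
                      "service": service, "ok": outcome["ok"], "reason": outcome["reason"]})
    return outcome


def run_demo():
    """Constructed sequence of outbound requests at fixed times."""
    t0 = 1_700_000_000
    return [
        broker("sess-carol", "crm", t0),         # issued
        broker("sess-carol", "crm", t0 + 1),     # issued (2nd call inside the window)
        broker("sess-carol", "crm", t0 + 2),     # refused: budget is 2 per 60 s
        broker("sess-carol", "payroll", t0),     # refused: wrong role
        broker("sess-dave", "shadow-saas", t0),  # refused: not in the catalogue
        broker("sess-nobody", "crm", t0),        # refused: no session
        broker("sess-carol", "crm", t0 + 61),    # issued again: window has slid
    ]


if __name__ == "__main__":
    for r in run_demo():
        print("OK " if r["ok"] else "NO ", r["reason"])
```

The budget here is per service, not per user, which is the simplest reading of "SLA enforcement" and is deliberately a simplification; a production broker would key it on user and service and would read the catalogue and sessions from the directory the slide shows rather than from module constants.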
Pattern 2: Manage Access to Corporate Resources
• Access Control
• Alarms and audit
• Safe routing
[Diagram labels: SaaS application user – Firewall – DMZ – Secure zone – Directory – NetOps]

How Do We Assert Control Over IaaS?
Pattern 3: Manage Cloud-Based SOA Apps with Virtual PEP
Hardware PEP and virtual PEP: identical functionality.
Secure services, not networks.
[Diagram labels: Hardware PEP – Virtual PEP instances – Cloud services]

What Does Layered Defense Look Like In The Cloud?
[Diagram labels, as on the earlier Applying SOA to Security slide: External services → Firewalls (perimeter PEPs) → Centralized PEP in the DMZ → Intermediary PEPs → Endpoint PEPs, one in front of each Service]

Zones of Trust
[Diagram labels: unlabelled zones marked “?”; Secure Message; Cloud Edge Virtual PEP; Application-Layer Isolation, Monitoring, & Control]
This is true SOA defense-in-depth.

This Is The Ultimate Realization Of SOA
• Visibility
• Security
• Control
Cloud Governance is the evolution of SOA Governance.
[Diagram label: NetOps]

For More Information:
K. Scott Morrison, CTO and Chief Architect, Layer 7 Technologies
smorrison@layer7tech.com | http://www.layer7tech.com | Twitter: @kscottmorrison
Anne Thomas Manes, VP & Research Director, Burton Group
amanes@burtongroup.com | http://www.burtongroup.com | Twitter: @atmanes
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail Experience
 

Último

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Último (20)

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 

Layer 7 & Burton Group: New Cloud Security Model Requirements

  • 6. Cloud Requires a New Security Architecture
    • Virtual data centers
    • Service-oriented organization
    • Next-generation operating systems and infrastructure
    [Diagram: service consumer → service request (console or API) → service catalog / service interface → enterprise service management → virtual data centers (cloud OS, service bus, virtual infrastructure management interfaces and tools) running over physical infrastructure (compute, network, storage, security); external applications and services; traditional infrastructure alongside the cloud management provider and internal IT]
  • 7. Rethinking Security Architecture: security perimeters are changing
    • Activities and data move across open, untrusted networks
    • “Zones of trust” must become more logical than physical
    • Identity- and application-aware firewalls
    • Security vendors must embrace virtualization security
    • Security management must span internal and external clouds
  • 8. Rethinking Security Architecture: service-oriented security and identity management
    • Security must span internal and external clouds
    • Service-oriented interfaces must be secured
    • Existing domain access control must give way to standards-based identity services
    • Multiple sources of identity
    • Encryption and key management must “follow” sensitive data
  • 9. Security Zone Model
    Zone definition: “A grouping of IT resources which may reside at multiple locations but have similar business communication and network protection requirements.” A typical organization has the equivalent of some or all of these zones (* audit zone optional).
  • 10. Changing Zone Implementations: physical view, “old school” zone implementation
    Separation between the enterprise resources (sites, servers, devices) and the untrusted zone is accomplished by perimeter devices.
    [Diagram: enterprise controlled/owned user site and data center joined by site-to-site VPN or private WAN; not necessarily secure protocols; monitoring and enforcement at the perimeter; access server “farm”; not necessarily secure endpoint; Internet]
  • 11. Changing Zone Implementations: physical view, “new school” zone implementation
    Separation between the enterprise resources (sites, servers, devices) and the untrusted zone is accomplished by cryptography, e.g. security overlays.
    [Diagram: enterprise controlled/owned data center; secure protocols; VPN or proxy with monitoring and enforcement; any network or site; end-to-end security; secure endpoint (VPN client, system firewall, etc.); access server “farm”; perimeter; resulting topology]
  • 12. Dynamic Perimeter Enforcement: new model, logical zones with dynamic perimeters
    • Numerous, coordinated endpoint security agents
    • Centralized policy controls connection rules
    • Smarter firewalls
    • Smarter switching fabric
    • Common theme: multi-layer enforcement (L4 + L7)
    • Access decisions based on identity and application protocol, not just IP address and port
  • 13. Mutually Reinforcing SOA and Security
    • SOA adds a new dimension to the security landscape
      • Loosely coupled connections
      • Requirements for cross-domain federation
      • Don’t assume the average developer understands all the issues
      • Don’t assume that all services can safely combine in all security contexts
    • Recommended strategy
      • Build on existing IdM strategy
      • Externalize security as much as possible (e.g. authentication, authorization, crypto, audit)
      • Combine transport-level and application-level protections
      • Use layered defenses
      • Establish good governance processes
  • 14. Applying SOA to Security: layered defenses
    • Policy enforcement points (PEPs) as intermediaries and at endpoints
    • Externalize security functions to the PEPs
    [Diagram: firewalls (perimeter PEPs); service endpoints each with an endpoint PEP; a centralized intermediary PEP; external services reached through external DMZ PEPs]
  • 15. Mediation in the Cloud: cloud broker or gateway product
    Typical functionality:
    • Secure communications
    • Multi-protocol
    • Enforce policy
    • Authentication
    • Access control
    • Logging and audit
    [Diagram: firewall and cloud gateway. Source of diagram: Layer 7 (originally concerning the SecureSpan product)]
  • 16. New Security Models for the Cloud: recommendations and takeaways
    • Think “service-oriented” when you’re thinking cloud
    • Mutually reinforce SOA and security:
      • Secure communications methods
      • Layered defense
      • Good governance
    • Consider cloud brokers to enforce policies in the cloud
  • 17. New Security Model Requirements for the Cloud: Enabling Safe Cloud Computing. K. Scott Morrison, CTO & Chief Architect
  • 18. Trust is the fundamental requirement of cloud computing
  • 19. Anne showed us we need to: understand risk, control boundaries. Trust is the measure of your confidence in these.
  • 20. But how do we gain control over SaaS? Consider the degrees of freedom SOA offers us.
  • 21. Pattern 1: Assert Outgoing Control
    [Diagram: single sign-on; managed access to authorized services; SLA enforcement; firewall; audit; directory; NetOps]
  • 22. Pattern 2: Manage Access to Corporate Resources
    [Diagram: user → SaaS application → firewall / DMZ → secure zone; access control; alarms and audit; safe routing; directory; NetOps]
  • 23. How do we assert control over IaaS?
  • 24. Pattern 3: Manage Cloud-Based SOA Apps with a Virtual PEP
    [Diagram: hardware PEP on premises and virtual PEP instances in front of cloud services, with identical functionality]
    Secure services, not networks.
  • 25. What does layered defense look like in the cloud?
    [Diagram: firewalls (perimeter PEPs); service endpoints each with an endpoint PEP; a centralized intermediary PEP; external services reached through external DMZ PEPs]
  • 26. Zones of Trust
    [Diagram: application-layer isolation, monitoring and control at the cloud edge; virtual PEP; secure message]
    This is true SOA defense-in-depth.
  • 27. This is the ultimate realization of SOA: visibility, security, control. Cloud governance is the evolution of SOA governance (NetOps, governance).
  • 28. For More Information:
    K. Scott Morrison, Layer 7 Technologies, CTO and Chief Architect, smorrison@layer7tech.com, http://www.layer7tech.com, Twitter: @kscottmorrison
    Anne Thomas Manes, Burton Group, VP & Research Director, amanes@burtongroup.com, http://www.burtongroup.com, Twitter: @atmanes
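Slides 12 through 15 describe a policy enforcement point that decides on identity and application protocol rather than only IP address and port, with authentication, authorization and audit externalized from the services. The following is an added example, not code from the slides or from Layer 7 or Burton Group: a minimal PEP intermediary that applies an L4 zone/port check and then an L7 identity/operation check, deny by default, recording every decision. The zones, tokens, the hypothetical "payroll" service and all requests are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

# L4 view: logical zones as address ranges rather than bare IPs (constructed sample)
ZONES = {
    "intranet": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}
# Externalized authentication: bearer token -> (subject, roles) (constructed sample)
IDENTITIES = {
    "tok-alice": ("alice", {"hr-user"}),
    "tok-batch": ("payroll-batch", {"payroll-service"}),
}
# Externalized authorization for a hypothetical "payroll" service: allowed source
# zones and port (L4), plus rules on role, application protocol and operation (L7)
POLICY = {
    "payroll": {
        "zones": {"intranet", "dmz"},
        "port": 443,
        "rules": [
            {"role": "hr-user", "protocol": "https", "ops": {"GET"}},
            {"role": "payroll-service", "protocol": "https", "ops": {"GET", "POST"}},
        ],
    }
}
AUDIT_LOG = []  # externalized audit: every decision, allow or deny, is recorded

@dataclass
class Request:
    src_ip: str
    dst_port: int
    protocol: str   # application protocol as seen by the PEP
    service: str
    operation: str
    token: str = ""

def zone_of(ip):
    """Map a source address to its logical zone; anything unmatched is untrusted."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "untrusted")

def enforce(req):
    """Deny by default: L4 check first, then authentication, then L7 rule match."""
    def decide(allowed, reason):
        AUDIT_LOG.append({"src": req.src_ip, "service": req.service,
                          "op": req.operation, "allowed": allowed, "reason": reason})
        return allowed, reason
    policy = POLICY.get(req.service)
    if policy is None:
        return decide(False, "unknown service")
    zone = zone_of(req.src_ip)
    if zone not in policy["zones"] or req.dst_port != policy["port"]:
        return decide(False, f"L4: zone {zone}, port {req.dst_port} not permitted")
    ident = IDENTITIES.get(req.token)
    if ident is None:
        return decide(False, "L7: authentication failed")
    subject, roles = ident
    for rule in policy["rules"]:
        if rule["role"] in roles and rule["protocol"] == req.protocol and req.operation in rule["ops"]:
            return decide(True, f"L7: {subject} permitted as {rule['role']}")
    return decide(False, f"L7: {subject} not authorized for {req.operation} on {req.service}")
```

A request from an untrusted zone is refused before any credential is examined, while a valid identity with the wrong role or operation is refused at L7, and both outcomes land in the same audit record.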