1 / 20

CloudTrust Protocol

CloudTrust Protocol. Orientation and Status. CloudTrust Protocol Orientation Topics. Why is it? What is it? CTP transfer to CSA {Strong} connection to CloudAudit Existing plans & strategies Things for the CSA/CloudAudit to “resolve” … other stuff …. The Value Equation in the Cloud.

angelgreen
Download Presentation

CloudTrust Protocol

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CloudTrust Protocol Orientation and Status CloudTrust Protocol Orientation

  2. CloudTrust Protocol Orientation Topics • Why is it? • What is it? • CTP transfer to CSA • {Strong} connection to CloudAudit • Existing plans & strategies • Things for the CSA/CloudAudit to “resolve” • … other stuff … CloudTrust Protocol Orientation

  3. The Value Equation in the Cloud VALUE Captured Delivering evidence-based confidence… with compliance-supporting data & artifacts. CloudTrust Protocol Orientation

  4. The CTP Transfer • Nonexclusive, no-cost, royalty-free license to CloudTrust Protocol(CTP Version 2.0 – see reference #2 below) • Nonexclusive, no-cost, royalty-free license to make derivative works of/for the CTP • CSC representative as co-chair of CSA’s CTP Working Group • CSA to include an acknowledgement that CSC is the original developer of the CTP in any published materials (including electronic publication) that mention the CTP • Free, unrestricted use of CTP derivative works by CSC References See “Digital Trust in the Cloud”, August 2009, www.csc.com/security/insights/32270-digital_trust_in_the_cloud See “Digital Trust in the Cloud: A Precis on the CloudTrust Protocol (V2.0)”, July 2010, http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp See “CSA + CTP = Nebula Nova”, 25 July 2011, http://www.csc.com/cloud/blog/68078-csa_ctp_nebula_nova_a_commentary_and_essay CloudTrust Protocol Orientation

  5. Research Conclusions SummaryInitial Results-August 2009 • The desire to benefit from the elastic promise of cloud processing is blocked for most enterprise applications because of security and privacy concerns. • The re-introduction of transparency into the cloud is the single biggest action needed to create digital trust in a cloud and enable the capture of enterprise-scale payoffs in cloud processing. • Even today there are ways to benefit from cloud processing while technologies and techniques to deliver digital trust in the cloud are evolving. • CSC has created a definition and an approach to "orchestrate" a trusted cloud and restore needed transparency. • Resist the temptation to jump into even a so-called “secure” cloud just to save money. Aim higher! Jump into the right “trusted” cloud to create and capture new enterprise value. CloudTrust SCAP www.csc.com/security/insights/32270-digital_trust_in_the_cloud Or at www.csc.com/lefreports CloudTrust Protocol Orientation

  6. CloudTrust Protocol RevealedResearch Extension Detailing “What” and “How” – July 2010 • Transparency in the cloud is the key to capturing digital trust payoffs for both cloud consumers and cloud providers. • The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency. • The reliable delivery of only a few elements of transparency generate a lot of digital trust, and that digital trust liberates cloud users to bring more and more core enterprise services and data to cloud techniques. • Transparency-as-a-Service (TaaS) using the CTP provides a flexible, uniform, and simple technique for reclaiming transparency into actual cloud architectures, configurations, services, and status … responding to both cloud user and cloud provider needs. • Transparency protocols like the CTP must be accompanied by corresponding concepts of operation and contractual conditions to be completely effective. CloudTrust 2.0 SCAP CloudAudit http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp CloudTrust Protocol Orientation

  7. CTP V2.0Next Updates will be Published through the Cloud Security Alliance • Syntax • Semantics • Self-defined response(No insistence on orthodoxy) • Asset model • Scope of response • Implementation/deployment options • Extension CloudTrust Protocol Orientation

  8. A Complete Cloud Security Governance, Risk, and Compliance (GRC) StackCloudTrust Protocol (CTP) Included Within CSA GRC Stack Deliver “continuous monitoring” required by A&A methodologies CloudTrust Protocol Orientation

  9. Transparency as a Service (TaaS) Authorized Users What does my cloud computing configuration look like now? Where are my data and processing being performed? What vulnerabilities exist in my cloud configuration? What audit events have occurred in my cloud configuration? Who has access to my data now? CloudTrust Protocol Orientation

  10. Transparency as a Service (TaaS)Turn on the lights you need … when you need them CloudTrust Protocol Elements of Transparency 1 23 • Private Cloud • Other Public Clouds • CSC Trusted Cloud Transparency as a Service(TaaS)

  11. • • CloudTrust Protocol (CTP) Transparency as a Service (TaaS)Reclaiming Digital Trust Across Security, Privacy, and Compliance Needs SAS70, SSAE 16, HIPAA, ITAR, FRCP, HITECH, GLBA, PCI DSS, CFATS, DIACAP, NIST 800-53, ISO27001, CAG, ENISA, CSA V2.3, … Responding to all elements of transparency TaaS Enterprise CSC Trusted Community Cloud Cloud Trust Response Manager (CRM) TaaS Dashboard TaaS TaaS Private Trusted Cloud CTP CloudTrust Agent Responding to all elements of transparency Using reclaimed visibility into the cloud to confirm security and create digital trust Downstream compliance processing Source: http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp

  12. Elements of Transparency in the CTP 6 TYPES Initiation Policy introduction Provider assertions Provider notifications EVIDENCE REQUESTS Client extensions FAMILIES Configuration Vulnerabilities ANCHORING Audit log Service Management Service Statistics ELEMENTS Geographic Platform Process Only 23 in entire protocol CloudTrust Protocol Orientation

  13. CloudTrust Protocol PathwaysMapping the Elements of Transparency in Deployment SCAP CloudAudit.org SCAP Sign / sealing 23 1 CloudTrust Protocol Orientation

  14. CloudTrust Protocol V2.0 See pages of 5-6 Attachment A • Syntax • Based on XML • Traditional RESTful web service over HTTP CloudTrust Protocol Orientation

  15. Asset Model Scope of Response CTP CTP Context of Deployment Scope of Coverage Level of Automation Elastic Characteristics of the CTP Cloud Providers Cloud Consumers Transparency-as-a-Service • Legend: • Provider dimension • Deployment dimension Source: http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp

  16. Multiple Styles of ImplementationThe CTP is machine and human readable OUT-OF-BAND RESTful Web Service RESTful Web Service Trust Evidence (Elements of transparency) Trust Evidence (Elements of transparency) IN-BAND Source: http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp

  17. Scope of TaaS Enterprise or Client-Specific CLIENT SPECIFIC RESTful Web Service Client Deployed Application Trust Evidence (Elements of transparency) Client Trust Evidence (Partial elements of transparency) ENTERPRISE Source: http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp

  18. Undecideds… • Evidence Request category “integrity and liability verification technique” • Attest to the content, provenance, and imputability of the response (with legal import) • Transmission integrity not sufficient; Require legal liability of intent to provide response as delivered • E.g, Surety AbsoluteProof technique • Final namespace • Trust package correlation with all contributing (traditional) security services • Identity store for transparency service authorizations CloudTrust Protocol Orientation

  19. Undecideds… • EoT extension technique • Characteristics of specification • Degree of automation • Business constructs and back office issues, e.g., • SLA foundations • Concepts of operation • Service Terms & Conditions recommendations • Transparency operator training and operations monitoring CloudTrust Protocol Orientation

  20. THANK YOU

More Related