2. Jamie Sharp CISSP
Security Architect
Microsoft Australia
How do you secure a cloud?
http://www.youtube.com/watch?v=xxHaHdyP01Q
3. Agenda
Perspective
Defining the clouds
Understanding the situation
Global Foundation Services
BPOS security
4. http://www.whomovedmycheese.com/
5. Opportunity
6. Trust
Westpac has a long and proud history as Australia's first and oldest bank. It was established in 1817 as the Bank of New South Wales.
7. Risk
In 2009, 1507 people lost their lives in road accidents
Road Deaths Australia - 2009 Statistical Summary
http://www.bitre.gov.au/publications/69/Files/Ann_Road_Deaths.pdf
Since 1999, 87 people lost their lives in commercial air accidents
Aviation Occurrence Statistics 1999 to 2009
http://www.atsb.gov.au/publications/2009/ar2009016(3).aspx
8. NIST Definition of Cloud Computing
Definition:
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
Essential Characteristics:
On-demand self-service
Broad network access
Resource pooling
Rapid elasticity
Measured service
http://csrc.nist.gov/groups/SNS/cloud-computing/index.html
9. Defining the clouds
10. Microsoft Cloud Assets
11. http://gnews.com/happy-birthday-to-msn-the-microsoft-network-18201004081024/
12. Understanding the situation
13. Paradigm change
14. What Changes
15. Key Inhibitors to Adopting Cloud Computing
16. Drivers and Barriers for Cloud Computing
17. Cloud Security Alliance - Security Guidance for Critical Areas of Focus in Cloud Computing
http://www.cloudsecurityalliance.org/
18. Assessing the Security Risks of Cloud Computing - Gartner June 2008
Recommendations:
Apply existing risk assessment methodology to cloud computing
Understand compliance requirements
Demand transparency
Develop a strategy for the use of cloud delivery mechanisms
http://www.gartner.com/DisplayDocument?id=685308
19. Global Foundation Services
20. Global Foundation Services
21. GFS Datacenter Inventory
22. Video - GFS Global Data Center Strategy
http://www.globalfoundationservices.com/infrastructure/index.html
23. Securing Microsoft's Cloud Infrastructure
http://www.globalfoundationservices.com/security/documents/SecuringtheMSCloudMay09.pdf
24. Information Security Program
25. Maintain a Deep Set of Security Controls
26. Comprehensive Compliance Framework
http://www.globalfoundationservices.com/documents/MicrosoftComplianceFramework1009.pdf
27. BPOS Security
28. BPOS Standard and Dedicated Versions
http://www.microsoft.com/downloads/details.aspx?FamilyID=5736aaac-994c-4410-b7ce-bdea505a3413&displaylang=en
http://www.microsoft.com/downloads/details.aspx?FamilyId=5534BEE1-3CAD-4BF0-B92B-A8E545573A3E&displaylang=en
29. Assessing the Security Risks of Cloud Computing - Gartner
What to evaluate
Privileged user access
Compliance
Data location
Data segregation
Availability
Recovery
Investigative support
Viability
http://www.gartner.com/DisplayDocument?id=685308
30. Privileged User Access - Admin Authentication
Individual accounts for traceability
Least privilege and service segregation approach
Two-factor authentication for physical and logical access
Automatic revocation of credentials with employment status changes
Background Checks
31. Privileged User Access - Datacenter Security
32. Compliance
33. Data Segregation and Protection - Communications
All BPOS-S authentication and content traffic encrypted using SSL
BPOS-D requires a dedicated transport means between MOS and the customer
Enabled via the following options:
Internet-based site-to-site VPN
Customer-provided connectivity, typically an MPLS link
34. Data Segregation and Protection - Network Security
Firewalls used for packet inspection and enforcing rules
ACLs are used to filter networks based on protocol/port
Intrusion detection and prevention systems in LANs and the edge
VLANs (802.1q) used to segregate broadcast domains and segregate BPOS-D customers
35. Data Segregation and Protection - BPOS-D Logical Network Security
36. Data Segregation and Protection - Identity Segregation in BPOS-D
BPOS-D Active Directory forest will trust the customer forest(s)
Customer forest(s) never trust BPOS-D
Default trust type is External, per domain
Forest trust is an option, required by SharePoint for USG support
Domain controllers co-located at Microsoft datacenter
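The trust direction on this slide is the security-relevant point, and it is easy to read backwards: a forest that *trusts* another accepts that forest's principals for authorization on its own resources, so "BPOS-D trusts the customer, the customer never trusts BPOS-D" means customer accounts can be granted access to hosted resources while hosted accounts can never be granted access to customer resources. The following model, added here as an illustration and not code from the deck or from Microsoft, makes that direction explicit and also shows why the default external trust is "per domain": external trusts are non-transitive, so a customer child domain is not covered until it gets its own trust, whereas a forest trust covers every domain in both forests. The forest names and the child domain are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed forest layout (assumption, not from the deck): the hosted
# BPOS-D forest and one customer forest with a root and a child domain.
FORESTS = {
    "bposd.example": {"bposd.example"},
    "customer.example": {"customer.example", "child.customer.example"},
}


@dataclass(frozen=True)
class Trust:
    trusting: str  # side that accepts the other side's principals (resource side)
    trusted: str   # side whose principals may be granted access
    kind: str      # "external": per domain, non-transitive; "forest": whole forests


def forest_of(domain: str) -> str:
    """Return the forest root that the given domain belongs to."""
    for root, members in FORESTS.items():
        if domain in members:
            return root
    raise KeyError(domain)


def can_be_authorized(principal_domain: str, resource_domain: str, trusts) -> bool:
    """True if an account from principal_domain can be granted access to a
    resource in resource_domain: same forest, or a trust whose trusting side
    covers the resource and whose trusted side covers the principal."""
    if forest_of(principal_domain) == forest_of(resource_domain):
        return True  # domains inside one forest trust each other transitively
    for t in trusts:
        if t.kind == "external":
            # External trusts bind exactly two domains and do not flow to children
            if t.trusting == resource_domain and t.trusted == principal_domain:
                return True
        elif t.kind == "forest":
            # Forest trusts cover every domain on each side
            if (forest_of(t.trusting) == forest_of(resource_domain)
                    and forest_of(t.trusted) == forest_of(principal_domain)):
                return True
    return False


def trusts_violating_direction(trusts, hosted_forest: str = "bposd.example"):
    """Trusts in which a customer domain trusts the hosted forest, i.e. hosted
    accounts could be authorized on customer resources. Expected to be empty."""
    return [t for t in trusts
            if forest_of(t.trusted) == hosted_forest
            and forest_of(t.trusting) != hosted_forest]


# Default design from the slide: external trust, hosted side trusting, per domain.
EXTERNAL_ROOT_ONLY = [Trust("bposd.example", "customer.example", "external")]
EXTERNAL_PER_DOMAIN = EXTERNAL_ROOT_ONLY + [
    Trust("bposd.example", "child.customer.example", "external")]
# Forest-trust option from the slide.
FOREST_TRUST = [Trust("bposd.example", "customer.example", "forest")]
# Misconfiguration the audit should flag: a trust in the reverse direction.
REVERSED = FOREST_TRUST + [Trust("customer.example", "bposd.example", "external")]

if __name__ == "__main__":
    for label, trusts in [("external root only", EXTERNAL_ROOT_ONLY),
                          ("external per domain", EXTERNAL_PER_DOMAIN),
                          ("forest trust", FOREST_TRUST), ("reversed", REVERSED)]:
        print(label,
              "child->hosted:", can_be_authorized("child.customer.example", "bposd.example", trusts),
              "hosted->customer:", can_be_authorized("bposd.example", "customer.example", trusts),
              "violations:", len(trusts_violating_direction(trusts)))
```

The audit function is the check a tenant would want to run over the real trust list: any trust whose trusted side is the hosted forest and whose trusting side is a customer domain breaks the "customer forest(s) never trust BPOS-D" rule.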
37. Data Segregation and Protection - BPOS-D Active Directory Logical Design
38. Data Segregation and Protection - Malware and Antispam Protection
Antispam and antimalware protection for Exchange Online provided by FOPE
Connection, protocol and content level filtering
Leverages Microsoft reputation when delivering e-mail
Malware protection for SharePoint online provided by Forefront Protection for SharePoint
Multiple engine support
39. Availability
Global Foundation Services provides core infrastructure
SLAs are defined for each service
MOS provides a 99.9% availability SLA
Performance to SLA held to financial penalty clauses
Backed by Microsoft Support
http://www.microsoft.com/downloads/details.aspx?familyid=7FBD1A59-0148-450D-9BDF-50AF6C634B07&displaylang=en
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=069df92a-4f58-45e3-bbf8-93ed6bcb61d1
http://www.microsoft.com/downloads/details.aspx?familyid=4888FF5B-14A7-4F60-AC35-4713F5F08445&displaylang=en
40. Recovery
Redundant server and network resources
SQL Mirroring to prevent data loss due to disk failure
All data replicated to at least two datacenters
Log-Shipping every 15 minutes
Delayed playback
Database backups to support up to 7 days of non-disaster-related data loss/recoverability
User and site admin accessible Recycle Bins
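Mirroring and replication protect against disk and site failure, but they faithfully replicate a bad transaction too; that is what the "log-shipping every 15 minutes" and "delayed playback" bullets address. The simulation below, added here as an illustration and not code from the deck or from Microsoft, models a primary, 15-minute log segments, and a replica that holds each segment for a configurable delay before playing it, then shows the recovery move that delay enables: take the delayed copy and roll the held segments forward to just before the erroneous change. The workload, key names and the timing of the bad transaction are constructed assumptions.

```python
from dataclasses import dataclass

SHIP_INTERVAL = 15  # minutes between log shipments, as on the slide


@dataclass(frozen=True)
class Txn:
    at: int          # minute at which the transaction committed on the primary
    op: str          # "set" or "delete"
    key: str
    value: str = ""


# Constructed workload (assumption, not real BPOS data): an erroneous delete
# commits at minute 40 and is only noticed at minute 70.
WORKLOAD = [
    Txn(5, "set", "mailbox:alice", "v1"),
    Txn(20, "set", "mailbox:bob", "v1"),
    Txn(40, "delete", "mailbox:alice"),
    Txn(55, "set", "mailbox:carol", "v1"),
]


def apply_txn(state: dict, txn: Txn) -> None:
    """Apply one logged transaction to a key/value state."""
    if txn.op == "set":
        state[txn.key] = txn.value
    elif txn.op == "delete":
        state.pop(txn.key, None)
    else:
        raise ValueError(txn.op)


def ship_segments(workload, interval: int = SHIP_INTERVAL):
    """Group transactions into log segments; the segment shipped at minute s
    holds everything committed in (s - interval, s]."""
    segments = {}
    for t in workload:
        ship_at = -(-t.at // interval) * interval  # ceiling to the next shipment
        segments.setdefault(ship_at, []).append(t)
    return sorted(segments.items())


def primary_state(workload, now: int) -> dict:
    """Primary after every transaction committed up to minute `now`."""
    state = {}
    for t in workload:
        if t.at <= now:
            apply_txn(state, t)
    return state


def replica_state(workload, now: int, playback_delay: int) -> dict:
    """Replica that plays a shipped segment only once playback_delay minutes
    have elapsed since it was shipped (delayed playback)."""
    state = {}
    for ship_at, txns in ship_segments(workload):
        if ship_at + playback_delay <= now:
            for t in txns:
                apply_txn(state, t)
    return state


def recover_to_point_in_time(workload, now: int, playback_delay: int, stop_before: int) -> dict:
    """Start from the delayed replica and roll forward the held segments
    (shipped but not yet played) up to, but excluding, minute stop_before."""
    state = replica_state(workload, now, playback_delay)
    for ship_at, txns in ship_segments(workload):
        if ship_at > now:
            continue  # not shipped yet
        if ship_at + playback_delay <= now:
            continue  # already played into the replica
        for t in txns:
            if t.at < stop_before:
                apply_txn(state, t)
    return state


if __name__ == "__main__":
    now = 70
    print("primary:", primary_state(WORKLOAD, now))
    print("replica, no delay:", replica_state(WORKLOAD, now, 0))
    print("replica, 30 min delay:", replica_state(WORKLOAD, now, 30))
    print("recovered before minute 40:", recover_to_point_in_time(WORKLOAD, now, 30, 40))
```

The design point the numbers expose: with no delay the replica has already deleted Alice's mailbox by the time the mistake is noticed, while a 30-minute delay still holds the segment shipped at minute 45, so it can be replayed up to minute 39 and the mailbox survives. The delay must exceed the time it takes to detect a bad change; a delay of 25 minutes here would already have played the segment, and a delay of 60 minutes would leave the replica so far behind that nothing after minute 10 is present yet.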
41. Investigative Support - Exchange Hosted Archiving
Additional service, not part of BPOS
Helps customers comply with e-discovery requirements
Delivers complete message archiving with no capital investments
Automatic message retention of inbound, outbound and internal messages
Fully indexed for integrated message discovery and retrieval using Web-based interface
42. Get Ready for Cloud!
Risk Based Approach
http://edge.technet.com/Media/How-Microsoft-Uses-Risk-Tracker-to-Reduce-Risk/
Identity & Access Management
http://www.microsoft.com/forefront/en/us/identity-access-management.aspx
Threat Modelling
http://technet.microsoft.com/en-us/library/dd941826.aspx
Compliance
http://technet.microsoft.com/en-us/library/cc677002.aspx
43. Thanks for coming!
45. Complete evaluation forms on Schedule Builder
Be in the running for a Jabra GN2000 USB Noise-Cancelling Mono headset