
Security in the Cloud: Can You Trust What You Can’t Touch?

Rob Johnson, Security Architect, Cloud Engineering, Unisys Corp. Agenda: Introductions; What is Cloud Computing, and what are the risks?; Cloud Security Architecture; Multi-Tenancy Considerations; Wrap-up.





Presentation Transcript


  1. Security in the Cloud: Can You Trust What You Can’t Touch?
     Rob Johnson, Security Architect, Cloud Engineering, Unisys Corp.

  2. Security in the Cloud: Agenda
     • Introductions
     • What is Cloud Computing, and what are the risks?
     • Cloud Security Architecture
     • Multi-Tenancy Considerations
     • Wrap-up

  3. Security in the Cloud: Introductions
     • Who am I?
       • Rob Johnson, Distinguished Engineer, Unisys Corp.
       • 30 years doing I/O, networking, and security
     • Who is Unisys?
       • 130+ year heritage
       • Provides technology, services, and solutions to the world’s largest enterprises
     • Who are You?

  4. Security in the Cloud: What is Cloud Computing?
     • National Institute of Standards and Technology (NIST): http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc
       • Essential Characteristics: On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured service
       • Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
       • Deployment Models: Private cloud, Community cloud, Public cloud, Hybrid cloud
       • On/off Premise
     • Security controls being defined by industry: FedRAMP, PCI DSS v2.0, etc.

  5. Security in the Cloud: What are the Risks?
     • #1 Loss of control of assets (applications and data)
       • Where are they?
       • How many copies are there?
       • Who can access them?
     • #2 Compliance
       • Regulatory Audits: PCI DSS v2, HIPAA, COBIT, FedRAMP, etc.
       • Jurisdictional Boundaries: Patriot Act, Data locality regulations
     • #3 Provider Transparency
       • Process visibility
       • Audit, logging, and Incident Event Management (IEM)

  6. Cloud Computing: Service Models
     • Software as a Service (SaaS)
       • Complete application environment supplied and managed by the Cloud Provider, not the tenant
     • Platform as a Service (PaaS)
       • Provider supplies an application development and execution environment.
       • Tenant can secure data and inter-process communication.
     • Infrastructure as a Service (IaaS)
       • Provider supplies the infrastructure components (compute, network, storage), but little else.
       • Tenant runs a virtual data center.

  7. Security in the Cloud: Cloud Security Architecture
     • Service Models wrapped in Access Planes

  8. Cloud Security Architecture: Access Planes
     • Service Models wrapped in Access Planes
     • Provider Administration: Controls and manages the service components
       • IaaS: Hypervisors, vSwitches, vFirewalls, storage vLUNs, etc.
       • PaaS: VMs for hosting applications, web services, storage containers, load balancers, etc.
       • SaaS: Application suites, databases, identity management, etc.

  9. Cloud Security Architecture: Access Planes
     • Service Models wrapped in Access Planes
     • Provider Administration
     • Tenant Administration: Manages per-Tenant components
       • IaaS: VMs, vFirewalls, vLUNs
       • PaaS: Applications, object stores
       • SaaS: Users, application data objects

  10. Cloud Security Architecture: Access Planes
     • Service Models wrapped in Access Planes
     • Provider Administration
     • Tenant Administration
     • End User Access
       • IaaS: VM console (RDP, rsh, etc.)
       • PaaS: Distributed apps (SOA, webapps), test/dev, etc.
       • SaaS: Application presentation

  11. Cloud Security Architecture: Access Planes
     • Service Models wrapped in Access Planes
     • Provider Administration
     • Tenant Administration
     • End User Access
     • Intra-Cloud Access
       • Service-to-service
       • Intra-tenant
       • Web services

  12. Security in the Cloud: Multi-Tenancy Considerations
     • Isolation and Containment: Tenants Share Physical Resources
     • Identity and Access Management: “Who are you, and why do they keep sending you here?”
     • Transparency: “Where are my assets, and who is doing what to them?”

  13. Security in the Cloud: Multi-Tenancy Considerations
     • Isolation and Containment: Tenants Share Physical Resources
       • Data in Process
         • Memory
         • Processors and caches
         • NICs
         • HBAs
         • etc.

  14. Security in the Cloud: Multi-Tenancy Considerations
     • Isolation and Containment: Tenants Share Physical Resources
       • Data in Process
       • Data in Motion
         • Cloud Intranet
           • VLANs and Firewalls
           • Cryptographic Communities of Interest
             • IPsec
             • SSL
             • Unisys Stealth

  15. Security in the Cloud: Multi-Tenancy Considerations
     • Isolation and Containment: Tenants Share Physical Resources
       • Data in Process
       • Data in Motion
         • Cloud Intranet
         • Extranet / Internet
           • Tenant DMZs
           • Site-to-site VPNs
           • Remote users
           • Web access

  16. Security in the Cloud: Multi-Tenancy Considerations
     • Isolation and Containment: Tenants Share Physical Resources
       • Data in Process
       • Data in Motion
       • Data at Rest
         • Network Attached Storage (NAS)
           • Per-tenant file servers
           • Access Control Lists (ACLs)
           • Encrypted File Systems

  17. Security in the Cloud: Multi-Tenancy Considerations
     • Isolation and Containment: Tenants Share Physical Resources
       • Data in Process
       • Data in Motion
       • Data at Rest
         • Network Attached Storage (NAS)
         • Storage Area Network (SAN)
           • Virtualized LUNs
           • Encryption / Authentication
           • Replication / Dispersal

  18. Security in the Cloud: Multi-Tenancy Considerations
     • Isolation and Containment: Tenants Share Physical Resources
       • Data in Process
       • Data in Motion
       • Data at Rest
         • Network Attached Storage (NAS)
         • Storage Area Network (SAN)
         • PaaS storage objects & containers

  19. Security in the Cloud: Multi-Tenancy Considerations
     • Isolation and Containment: Tenants Share Physical Resources
     • Identity & Access Management: “Who are you, and why do they keep sending you here?”
       • Identification: Who are you?
       • Authentication: Prove you are who you say you are.
       • Authorization: What are you allowed to do / what is your role?
       • Validation: Double-check before executing

  20. Security in the Cloud: Multi-Tenancy Considerations
     • Isolation and Containment: Tenants Share Physical Resources
     • Identity & Access Management: “Who are you, and why do they keep sending you here?”
     • Transparency: “Where are my assets, and who is doing what to them?”
       • Accountability: All actions are securely audited
       • Chargeability: Pay-for-play
       • SLAs: Availability, scalability, performance, etc.
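The four IAM steps on slide 19 (identification, authentication, authorization, validation) and the accountability requirement on slide 20 fit together as one request pipeline. The Python below is an added illustration, not code from the deck or from Unisys: every tenant, user, secret, role name and resource id in it is constructed sample data, the HMAC token stands in for whatever credential a real provider issues, and the hash-chained audit log is one simple way to make "all actions are securely audited" tamper-evident. The validation step is the multi-tenancy point: even a fully authenticated, authorized admin is refused when the target object belongs to another tenant in the shared pool.

```python
"""Multi-tenant request pipeline: identification -> authentication ->
authorization -> validation -> execute, with every decision appended to a
hash-chained audit log. All tenants, users, secrets, roles and resources
below are constructed sample data for this example."""
import hashlib
import hmac
import json

# Constructed sample data: per-tenant secrets used to mint access tokens.
TENANT_SECRETS = {"tenant-a": b"secret-a", "tenant-b": b"secret-b"}
# (tenant, user) -> role within that tenant (hypothetical role names).
ROLES = {
    ("tenant-a", "alice"): "admin",
    ("tenant-a", "bob"): "reader",
    ("tenant-b", "carol"): "admin",
}
PERMISSIONS = {"admin": {"read", "write", "delete"}, "reader": {"read"}}
# Resource registry: which tenant owns each object in the shared pool.
RESOURCES = {"vm-101": "tenant-a", "vm-202": "tenant-b"}


def make_token(tenant: str, user: str, secret: bytes) -> str:
    """Stand-in credential: HMAC over the claimed identity, keyed per tenant."""
    return hmac.new(secret, f"{tenant}:{user}".encode(), hashlib.sha256).hexdigest()


class AuditLog:
    """Append-only log; each entry carries the previous digest so that editing
    or deleting any earlier entry breaks the chain."""

    def __init__(self) -> None:
        self.entries: list[dict] = []
        self._prev = "0" * 64

    def record(self, **fields: str) -> None:
        entry = dict(fields, prev=self._prev)
        digest = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        entry["digest"] = digest
        self.entries.append(entry)
        self._prev = digest

    def verify(self) -> bool:
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "digest"}
            recomputed = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if body["prev"] != prev or recomputed != entry["digest"]:
                return False
            prev = entry["digest"]
        return True


def handle_request(req: dict, audit: AuditLog) -> str:
    """Run the four IAM steps in order; return 'allow' or 'deny:<reason>'."""
    tenant, user = req.get("tenant", ""), req.get("user", "")
    action, resource = req.get("action", ""), req.get("resource", "")

    def decide(outcome: str) -> str:
        # Accountability: every outcome, allowed or denied, is audited.
        audit.record(tenant=tenant, user=user, action=action,
                     resource=resource, outcome=outcome)
        return outcome

    # 1. Identification: the caller must name a tenant the provider knows.
    if tenant not in TENANT_SECRETS:
        return decide("deny:unknown-tenant")
    # 2. Authentication: prove the claimed identity (constant-time compare).
    expected = make_token(tenant, user, TENANT_SECRETS[tenant])
    if not hmac.compare_digest(expected, req.get("token", "")):
        return decide("deny:bad-token")
    # 3. Authorization: is the requested action within the caller's role?
    role = ROLES.get((tenant, user))
    if action not in PERMISSIONS.get(role, set()):
        return decide("deny:not-permitted")
    # 4. Validation: double-check before executing that the target belongs to
    #    this tenant, so a valid admin cannot reach across the shared pool.
    if RESOURCES.get(resource) != tenant:
        return decide("deny:cross-tenant")
    return decide("allow")


if __name__ == "__main__":
    log = AuditLog()
    tok = make_token("tenant-a", "alice", TENANT_SECRETS["tenant-a"])
    print(handle_request({"tenant": "tenant-a", "user": "alice", "token": tok,
                          "action": "delete", "resource": "vm-202"}, log))
    print("audit chain intact:", log.verify())
```

Two design points matter for the "loss of control" risk on slide 5. First, authorization and validation are separate checks: the role says what a user may do, the resource registry says what the tenant owns, and both must agree. Second, denials are logged with the same care as successes, because a run of cross-tenant denials is exactly the signal a tenant needs when asking "who is doing what to my assets?".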

  21. Security in the Cloud: Wrap-up
     • Cloud Computing = losing control of assets (data, applications)
     • Secure Cloud Computing = regaining control through identity management, secure networking, secure storage, and provider transparency
     Questions?
