2012.03.22 -ibm's smartcloud + security. driving business transformation in banking &...
TRANSCRIPT
© 2012 IBM Corporation
IBM Security Systems
11© 2012 IBM Corporation
IBM Security Systems
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
Dave ZimmermanGlobal Solutions [email protected]
Marc van ZadelhoffVP IBM Security [email protected]
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
22
Key Takeaways:
1. Cloud computing is delivering business model transformation and real results to Banking & Financial Markets clients. Cloud’s 25% compound annual growth rate (CAGR) represents a significant investment for the financial services industry.
2. Cloud Security is an important topic. As a result, we have analyzed many client requirements for cloud and have determined key security concerns.
3. IBM Point of View: Cloud can be made secure for business.
4. This C-level, Executive Briefing is designed to share IBM’s insights & global best practices based on 2,000+ Cloud engagements in all industries.
5. Your local IBM representative can arrange for more in-depth discussions on these cloud security topics.
Cloud Security On Ramps
© 2012 IBM Corporation
IBM Security Systems
3 IBM Confidential3 IBM Confidential © 2012 IBM Corporation33
Agenda
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
44
CUSTOMERSRapidly evolving expectations for offerings, service unbiased advice, and convenience
REGULATIONRadically increased oversight ushering in a new era of increased government intervention
TRUSTRebuilding trust and confidence across the system is critical to future growth and stability
CAPITALIZATIONMature markets and emerging markets alike focus on rebuilding their capital reserves
COMPETITIONIntensified competition with increased M&A, divestitures and entrance of non-bank service providers
ECONOMYWeak conditions impact investment decisions andreduce need for financial services
Dramatic changes across the industry require new approaches to help maximize profitability and returnsDramatic changes across the industry require new approaches to help maximize profitability and returns
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
55
IBM’s studies confirm the need for business model transformation
“Tomorrow’s banks must become more client centric by leveraging sophisticated insights”
Banking CMO’s top concerns:1.Data Explosion2.Social Media3.Growth of channel
choices4.Shifting demographics
Banking CIO’s top focus:
1. Insight & Intelligence
2.Client Intimacy
3.Virtualization
4.Cloud Computing
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
66
To drive sustainable shareholder value, leaders in the financial services industry are focusing on four imperatives. . .To drive sustainable shareholder value, leaders in the financial services industry are focusing on four imperatives. . .
Create a customer-focused enterprise
Increase flexibility and streamline operations
Drive innovation while managing cost
Optimize enterprise risk management
What You Need to Know: C-Suite Insights (Use full-screen mode; Click on link)Cloud computing plays a vital role in helping executives bring their companies into the future. Learn how innovative cloud solutions are opening new possibilities for Kaiser Permanente, ING, Navistar, Bharti Airtel and others. http://www.youtube.com/watch?v=CD_elWBD1Zk
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
77
Standardization enabled by
integrated service management
Lower IT Operating and Capital Costs
Capex to Opex*
Fast access to current technology
and powerful computing
Removing IT complexity from
end users
Fine grained IT services with rapid
provisioning
What our clients are telling us: Cloud’s Cost Savings + Innovation = Value Creation
*Capex: Capital Expenses, *Opex: Operating Expenses; Cloud helps drive down capex (fixed costs) while delivering opex (pay-as-you-go) benefits.*Capex: Capital Expenses, *Opex: Operating Expenses; Cloud helps drive down capex (fixed costs) while delivering opex (pay-as-you-go) benefits.
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
88
AnalyticsAllows integration of customer data across banking silos to enable real-time insight
Business Services•Application & service management•Customer and relationship management•Client and market analytics
CollaborationCommunications and collaboration tools provide solutions to enable employees to share information seamlessly.
Industry ApplicationsData archiving and secure data retention.
Infrastructure ComputeFlexible and elastic on-demand compute resources for high demand application scaling.
Infrastructure StorageScalable storage solutions to ensure the real-time demands of today's trading and analytics processes are maintainable.
Desktop and DevicesRange of solutions can reduce costs & complexity, enable better security of PC data, enable centralized management of critical enterprise data
SecurityEnforce active security and endpoint management to ensure corporate governance and IT policies are maintained
Managed BackupRapid backup and recovery services for high availability.
Development and TestRapid configuration of environments for development increasing agility of development environment.
Banking & Financial Markets - Cloud computing is transforming all aspects of enterprise IT
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
99
Despite today’s economy, competition continues to invest
. . .from 45 days to less than 20 minutes. . .
Citigroup slashed server provisioning times for its 20,000 developers via IBM’s Private SmartCloud, speeding development cycles and allowing the bank to put new features and enhancements in the hands of customers more rapidly. Business problem: Citigroup needed to dramatically reduce time to market,
radically improve operational efficiencies and make the bank’s 20,000 developers more productive
Solution: IBM built a private SmartCloud using IBM lifecycle services management software solutions. It simplified self-service requests plus automated provisioning and internal chargeback capabilities
“The doors have just been opened. Certainly people who are provisioning virtual machines or requesting virtual machines for development are moving to this as soon as they know it’s available. It’s just a North American initiative right now, but we’ve got people around the world knocking on the door.” – Citigroup vice president
“The doors have just been opened. Certainly people who are provisioning virtual machines or requesting virtual machines for development are moving to this as soon as they know it’s available. It’s just a North American initiative right now, but we’ve got people around the world knocking on the door.” – Citigroup vice president
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
1010
109,000 IBM employees use Blue Insight, the world’s largest business analytics private cloud.
1,800 IBM marketers across 6 continents utilize IBM cloud-based Marketing Operations daily.
6,000 IBM users of Blueworks Live to improve internal business processes
200 million minutes of IBM web conferencing with LotusLive Meetings.
Avoiding over $20M in expenses over 5 years with our private analytics cloud
1,200 users in IBM China development labs, plus IBM Call Center teams in the United States and India, have migrated to a desktop cloud environment.
10© 2012 IBM Corporation
IBM’s internal use of Cloud computing extends across the entire IBM organization and has transformed the business on multiple levels
© 2012 IBM Corporation
IBM Security Systems
11 IBM Confidential11 IBM Confidential © 2012 IBM Corporation1111
Agenda
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
1212
Cloud computing changes the way we think about security
Private cloud Public cloud.
Hybrid IT
− High multi-tenancy and data separation
− Image management and compliance
− Security of the virtual / hypervisor layer
− Virtual network visibility
− Need for Service level agreements (SLAs)
− Provider responsibility for infrastructure
− Customization of security controls
− Visibility into day-to-day operations
− Access to logs and policies
− Applications and data are publically exposed
Changes in Security and Privacy
In a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning IT resources increases - greatly affecting all aspects of security
While the security concerns are often shared across the different cloud models the responsibility changes from consumer to provider and this can present unique challenges.
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
1313
Minimizing the risks of cloud computing requires a strategic approach
Define a cloud strategy with security in mind Identify the different workloads and how they need to interact. Which models are appropriate based on their security and trust requirements and the systems
they need to interface to?
Identify the security measures needed Using a methodology such as the IBM Security Framework helps clients measure what is
needed in areas such as governance, architecture, applications and assurance.
Enabling security for the cloud Define the upfront set of assurance measures that must be taken. Assess that the applications, infrastructure and other elements meet the security
requirements, as well as operational security measures.
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
1414
Our approach to delivering cloud security aligns with each phase of a clients project or initiative
14
Design Deploy ConsumeEstablish a cloud strategyand implementation plan toget there.
Build cloud services, in theenterprise and/or as a cloudservices provider.
Manage and optimizeconsumption of cloudservices.
Examplesecuritycapabilities
Cloud security roadmap
Secure development
Network threat protection
Server security
Database security
Application security
Virtualization security
Endpoint protection
Configuration and patch management
Identity and access management
Secure cloud communications
Managed security services
Secure by DesignFocus on building security into the fabric of the cloud.
Workload DrivenSecure cloud resources with innovative features and products.
Service EnabledGovern the cloud throughongoing security operations and workflow.
IBM CloudSecurity Approach
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
1515
IBM Cloud Security helps customers regain visibility and control
IBM is the only vendor with products, services and expertise to secure critical dimensions of cloud - spanning users, data, applications and virtualized infrastructure.
Enterprise-class security across all cloud domains
Visibility into the security of cloud environments
Secure access to cloud applications
Data protection for in motion and at rest.
Threat and vulnerability management solutions for applications and infrastructure.
Services specifically designed for securing the cloud
End-to-end coverage for securing private, hybrid and public clouds.
Best Cloud Computing Security
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
1616
IBM’s breath of experience and security capabilities are being applied to all cloud adoption patterns
Different security controls are appropriate for different cloud needs - the challenge becomes one of integration, coexistence, and recognizing what solution is best for a given workload.
Cloud Enabled Data Center
Business Solutions on Cloud
Cloud Platform Services
Cloud Service Provider
Only vendor in the market with end-to-end coverage of the security foundation
6K+ security engineers and consultants
Award-winning X-Force® research
Largest vulnerability database in the industry
Only vendor in the market with end-to-end coverage of the security foundation
6K+ security engineers and consultants
Award-winning X-Force® research
Largest vulnerability database in the industry
Intelligence ● Integration ● ExpertiseIntelligence ● Integration ● Expertise
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
1717
Design Deploy Consume
Security Intelligence
Total visibility into virtual and cloud environments
IBM QRadar Security Intelligence Platform (SIEM, Risk Manager) X X X
People Enable single sign on across
multiple cloud servicesIBM Federated Identity Manager Business GW X
Data Protect and monitor
access to shared databases IBM InfoSphere Guardium X X
Applications Scan cloud deployed
web applications IBM Rational AppScan Suite X
Infrastructure
Defend users and apps from network attacks
IBM Security Network Intrusion Prevention System X
Protect VMs and hypervisor from advanced threats
IBM Virtual Server Protection for VMware X X
Provide patch and config management of VMs
IBM Tivoli Endpoint Manager for Security and Compliance X X
Services Understand the concerns of your unique cloud initiative
IBM Cloud Security Roadmap Service X
And we’ve developed a set of cloud security controls to get started
Cloud Security On Ramps
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
1818
IBM also offers unmatched global coverage and security research
20,000+ devices under contract 3,700+ MSS clients worldwide 13B+ events managed per day 1,000+ security patents 133 monitored countries (MSS)
20,000+ devices under contract 3,700+ MSS clients worldwide 13B+ events managed per day 1,000+ security patents 133 monitored countries (MSS)
World Wide Managed Security Services Coverage
Security Operations Centers
Security Research Centers
Security Solution Development CentersSecurity Solution Development Centers
Institute for Advanced Security Branches
IBM Research
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
1919
IBM continues to research, test and document more focused approaches to cloud security
IBM ResearchSpecial research concentration in cloud security
IBM X-ForceProactive counter intelligence and public education
Customer CouncilsReal-world feedback from clients adopting cloud
Standards ParticipationClient-focused open standards and interoperability
IBM Institute for Advanced SecurityCollaboration between academia, industry, government, and the IBM technical community
© 2012 IBM Corporation
IBM Security Systems
21 IBM Confidential21 IBM Confidential © 2012 IBM Corporation2121
Agenda
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
2222
Cloud Computing Reference Architecture (CCRA) – Architecture Overview
Cloud Computing Reference Architecture (CCRA) overview diagram defines basic elements of any cloud service environmentThree main roles: Cloud service consumer, provider and creator whereas multiple roles can be fulfilled by the same organization/personOffered cloud services, required Management services (CCMP) and underlying infrastructure are defined.Next level of drill-down defined for each architectural element
Common Cloud Management Platform (CCMP) is one element of the overall cloud computing reference architectureDefines operational and business support services commonly needed for delivering and managing any cloud service (I/P/S/BPaaS)Doesn’t imply a single, monolithic implementation of a CCMP. CCMP is typically implemented by a well-integrated set of mgmt products
Governance
Security, Resiliency, Performance & Consumability
Cloud ServiceCreator
Cloud ServiceConsumer
Cloud Service Provider
Common CloudManagement Platform (CCMP)
Operational Support Services
(OSS)
Cloud Services
Inf rastructure-as-a-Service
Platform-as-a-Service
Software-as-a-Service
Business-Process-as-a-Service
Business Support Services
(BSS)
Cloud Service
IntegrationTools
ConsumerIn-house IT
Service Creation
Tools
Infrastructure
Existing & 3rd party services, Partner
Ecosystems
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
2323
Cloud Computing Reference Architecture (CCRA) – Drill DownCloud Computing Reference Architecture (CCRA) – Drill Down
Governance
Security, Resiliency, Performance & Consumability
Cloud ServiceCreator
Cloud Service ProviderCloud ServiceConsumer
Cloud Services
IaaS
PaaS
SaaS
BPaaS
Common CloudManagement Platform
Cloud Service Integration
Tools
Consumer In-house IT
Infrastructure
Middleware
Applications
Business Processes
OSS – Operational Support Services
BSS – Business Support Services
Subscription Management Pricing
Entitlement Management
Metering Rating Billing
Clearing & Settlement
Accounts Payable
Accounts Receivable
Customer Account
Management
Service Offering Catalog
Service Offering
Management
Contracts & Agreement
Management
Service Request
Management
Order Management
TransitionManager
DeploymentArchitect
OperationsManager
Service Provider Portal & API
Consumer Administrator
Consumer BusinessManager
Consumer End user
Service Creation Tools
Service Management Development
Tools
Service Runtime Development
Tools
Software Development
Tools
Image Creation Tools
Service Component Developer
Inf rastructure
Security &Risk Manager
CustomerCare
ServiceManager
BusinessManager
Service Composer
OfferingManager
ServiceIntegrator
Service M
anagement
Service C
onsumer P
ortal & A
PI
Service D
evelopment
Portal &
AP
I
AP
I
AP
I
AP
I
AP
I
Existing & 3rd party services, Partner
Ecosystems
ProvisioningIncident & Problem
Management
IT Service Level
Management
Service Automation Management
Service Delivery Catalog
Service Request
Management
Change & Configuration Management
Image Lifecycle
Management
Monitoring & Event
Management
IT Asset & License
Management
Capacity & Performance Management
Platform & Virtualization Management
Infr
astr
uctu
reM
gm
t Int
erfa
ces
Pla
tform
Mg
mt
Inte
rfac
esS
oftw
are
Mg
mt
Inte
rfac
esB
P M
gm
tIn
terf
aces
23
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
2424 Governance
Security, Resiliency, Performance & Consumability
Cloud Service Provider
Cloud Services
IaaS
PaaS
SaaS
BPaaS
Common CloudManagement Platform
OSS – Operational Support Services
BSS – Business Support Services
Customer Account
Management
Service Offering Catalog
Service Offering
Management
TransitionManager
DeploymentArchitect
OperationsManager
Service Provider Portal & API
Infrastructure
Security &Risk Manager
CustomerCare
ServiceManager
BusinessManager
Service
Con
sumer P
orta
l & A
PI
Service
Deve
lopm
ent P
orta
l & A
PI
Existing & 3rd party services, Partner
Ecosystems
Service Creation
Tools
Cloud Service
IntegrationTools
ConsumerIn-house
IT
Provisioning
Incident & Problem
Management
IT Service Level
Management
Service Automation Management
Service Delivery Catalog
Platform & Virtualization Management
Cloud Computing Reference Architecture (CCRA) – IBM’s Product & tooling mapping (on-prem products)Cloud Computing Reference Architecture (CCRA) – IBM’s Product & tooling mapping (on-prem products)
Service DefinitionService Definition
TSAM SD appTSAM SD app
Tivoli Service Automation Manager
Tivoli Service Automation Manager
golden master VM image, JEE ear file, SQL file, etc.
golden master VM image, JEE ear file, SQL file, etc.
Rational Dev tools (for app artifacts), no image creation tools available today
Rational Dev tools (for app artifacts), no image creation tools available today
KVM, VMware, Linux, Windows, WAS, DB2, Cognos, Filenet, …
KVM, VMware, Linux, Windows, WAS, DB2, Cognos, Filenet, …
ITM AgentsITM Agents
ITM Agent BuilderITM Agent Builder
IBM Tivoli MonitoringIBM Tivoli Monitoring
Event cor. ruleEvent cor. rule
Omnibus-int. toolingOmnibus-int. tooling
Omnibus & ImpactOmnibus & Impact
TAMIT DB entryTAMIT DB entry
TAMIT appsTAMIT apps
TAMITTAMIT
Workflows, job plans, escalations
Workflows, job plans, escalations
TSRM-internal appsTSRM-internal apps
Tivoli Service Request Manager
Tivoli Service Request Manager
HA policyHA policy
EditorEditor
Tivoli System Automation
Tivoli System Automation
Job files, metering collectors
Job files, metering collectors
EditorEditor
Tivoli Usage & Accounting Manager
Tivoli Usage & Accounting Manager
CSV fileCSV file
EditorEditor
Tivoli Usage & Accounting Manager
Tivoli Usage & Accounting Manager
Registration persisted in DB
Registration persisted in DB
TSAM/TSRM-internal apps
TSAM/TSRM-internal apps
TSAM / Tivoli Service Request Manager SP
TSAM / Tivoli Service Request Manager SP
Golden master VM image (runtime)
Golden master VM image (runtime)
[see runtime][see runtime]
TPM for ImagesTPM for Images
TSM backup agentTSM backup agent
Tivoli Storage ManagerTivoli Storage Manager
TPM workflowsTPM workflows
APDEAPDE
Tivoli Provisioning Manager
Tivoli Provisioning Manager
Legend
<cloud service-specific artifact created>
<cloud service-specific artifact created>
<devToolForExploiting mgmt/runtime component>
<devToolForExploiting mgmt/runtime component>
<runtime/mgmt platform component>
<runtime/mgmt platform component> © 2011 IBM Corporation
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
2525
Cloud Computing Reference Architecture (CCRA) – IBM’s Security, Resiliency, Performance & Consumability Cloud Computing Reference Architecture (CCRA) – IBM’s Security, Resiliency, Performance & Consumability
Governance
Security, Resiliency, Performance & Consumability
Cloud Service Provider Cloud ServiceCreator
Cloud ServiceConsumer
Cloud Service Integration
Tools
ConsumerIn-house IT
Service Creation Tools
Common Cloud Management Platform
Operational Support Services
(OSS)
Cloud Services
Infrastructure-as-a-Service
Platform-as-a-Service
Software-as-a-Service
Business-Process-as-a-Service
Business Support
Services (BSS)
Infrastructure
Existing & 3rd party services, Partner
Ecosystems
Security Resiliency
Security Policy
Threat & Vulnerability Management
Software, System & Service Assurance
Security Entitlement
Access & Identity Lifecycle
Management
Governance
Data policy enforcement
Data Resiliency
Configuration for Resiliency
Resiliency Monitoring /
Analysis
Resiliency Compliance Assessment
Resiliency Policy Management
Availability & Continuity
Management
ConsumabilityEase of Doing
Business
Positive First Use Experience
Rapidly Integrates
Readily Adapts
Simplified Operations
Security Event Management
Data and Information Protection
25
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
2626
Cloud Computing Reference Architecture (CCRA) – IBM’s Security plus Resiliency, Performance & Consumability Cloud Computing Reference Architecture (CCRA) – IBM’s Security plus Resiliency, Performance & Consumability
Governance
Security, Resiliency, Performance & Consumability
Cloud Service Provider Cloud ServiceCreator
Cloud ServiceConsumer
Cloud Service Integration
Tools
ConsumerIn-house IT
Service Creation Tools
Common Cloud Management Platform
Operational Support Services
(OSS)
Cloud Services
Infrastructure-as-a-Service
Platform-as-a-Service
Software-as-a-Service
Business-Process-as-a-Service
Business Support
Services (BSS)
Infrastructure
Existing & 3rd party services, Partner
Ecosystems
Security Resiliency
Security Policy
Threat & Vulnerability Management
Software, System & Service Assurance
Security Entitlement
Access & Identity Lifecycle
Management
Governance
Data policy enforcement
Data Resiliency
Configuration for Resiliency
Resiliency Monitoring /
Analysis
Resiliency Compliance Assessment
Resiliency Policy Management
Availability & Continuity
Management
ConsumabilityEase of Doing
Business
Positive First Use Experience
Rapidly Integrates
Readily Adapts
Simplified Operations
Security Event Management
Data and Information Protection
26
GRC
Data
Data
Virtualization
Intrusion
Patch IdentityGRC
App / IdM
App/IdM
© 2012 IBM Corporation
IBM Banking & Financial MarketsSmartCloud + Security: Driving Business Transformation
2727
Next Steps: IBM Offers Cloud Security solutions across all domains. Contact your local IBM Representative for more details.