CYBER INTEGRATED SOLUTIONS
Can I Trust the Cloud?
W. Wyatt Starnes, VP Advanced Concepts
Background
• Wyatt Starnes
– Leads research and development for Harris Trusted Enterprise Cloud and the Harris Cyber Integration Center
– Instrumental in establishing industry standards for security, compliance, and systems measurement
– Founder and former CEO of Signacert and Tripwire
– 36 years experience in high technology with eight startups
Harris has a 115-year history of engineering excellence, technical innovation, and customer delight.
• Harris Corporation
– More than 16,000 employees including nearly 7,000 engineers and scientists
– $6 billion annual revenue
– Industry leader in mission critical networked systems
– Significant investment in Cyber Integrated Solutions
The Buzz about Cloud
Everyone is Talking Cloud…
Can I Trust the Cloud?
[Bar chart: level of concern by issue, scale 1 to 5]
• Configurability: 3.3
• Speed: 3.3
• Vendor lock-in: 3.7
• Support: 3.7
• Performance: 3.8
• Control: 3.8
• Security: 4.3
Information Week Analytics Cloud Computing Survey, 2009. Respondents were asked: How concerned are you with the following issues as they relate to cloud computing? (range from 1 to 5)
Which Cloud?
• Private Cloud: On premise enterprise data center
• Hybrid Cloud: Multiple elements of the above
• Community Cloud: Enterprise membership
• Public Cloud: Off premise, multi-tenant, shared resources
…but Which Cloud and Can I Trust it?
Barriers to the Cloud are Real
Trust
Cost & Control
What is Trust in the Cloud?
What is Trust?
Trust - Noun.
• Reliance on the integrity, strength, ability, surety, etc., of a person or thing.
• Confident expectation of something.
What is Trust in the Cloud?
“Trust in cloud computing is defined as the continuous monitoring of all quality of service (QoS) elements that impact business service delivery and continuity. These include supply chain provenance, life cycle integrity, governance, security, privacy and transparency.”
What is Trust in the Cloud?
“…the commission supports programs such as Security Content Automation Protocol, or S-CAP, a standard which enables the automation of reporting and verifying IT security control parameters. S-CAP provides a ready method to capture, test and continuously monitor the controls and integrity settings required to achieve the respective standard and/or compliance requirements.”
Security ≠ Trust
Traditional security methods focus on keeping bad code out
Harris adds Positive Assurance enabling full integrity verification
Explicit Trust through Positive Platform Assurance
All active elements in the infrastructure are monitored and validated including servers & network components (firewalls, routers, switches)
The Pillars of Trust
[Diagram: the four pillars of TRUST]
• Supply Chain
• Positive Assurance
• Service Delivery
• Security & Compliance
Building the Trusted Cloud
The Trusted Enterprise Cloud
• World-class and purpose-built infrastructure – the Cyber Integration Center and Harris’ network of cyber facilities and operations centers
• Best-of-breed systems and processes – focused on virtualization, automation, a unique end-to-end service model, and customized control through the client portal
• Trust Enablement Technology – continuous monitoring and assessment of the device and software supply chain using our Global Trust Repository of 3 billion (growing by 3 million a day!) industry standard reference images and external vulnerability feeds
The industry’s first enterprise-grade, high-assurance cloud computing solution
[Diagram labels]
• Reference Configurations
• Application Data and Signature Database
• Global Trust Repository (GTR)
• Enterprise Trust Server
• Reporting: Inventory Reports, Change Reports, Compliance Reports, Notifications
• IT Infrastructure: Ecommerce Service, Trading Service, Virtual Infrastructure, Web Servers, Database Servers, File Servers, Directory Servers
• Compliance Assessment
• +2000 other vendors
Proof that the code was actually built by the named supplier is a crucial element of software and device validation or attestation
Trust and Supply Chain
• Do I know that the software elements that I am loading and running on my platform ARE what they say they are?
• What proof do I have that the code I am using was actually built by the named vendor?
• An increasing concern for software & hardware vendors and users in all sectors
Cyber Integration Center
• 100,000 sq ft dedicated facility
• Buffered VA location
• Operations support ISO 20000, ISO 27001, SAS70 Type 2, NIST 800-53-High
• Three secure data rooms
• IT capacity > 340 W/sq ft
• On site Client Operations & Security Center
• Two physically diverse telecom pathways
• Two water sources used for cooling
• Dual power sources from two separate substations
• Nine generators for backup power
• 100’ perimeter security fence with intrusion detection
• Interior and exterior motion-activated video monitoring
• Biometric access scanners and man-trap portal
• 24/7/365 on-site security guards & video surveillance
• LEED Silver designed
• Green construction
• Five, 500 ton, high efficiency centrifugal chillers
• Chemical free cooling water reuse
• Green IT Audacious Idea Award
Delivering Cyber Assurance Through Continuous Monitoring and Control
Risk Management – NIST SP800-37
Security Foundation is NIST SP800-53 (High Impact)
Automation, Vulnerability Identification & Software Authenticity Validation
Security Tools & Components (Based on SP800-53)
• Log Monitoring
• Intrusion Prevention
• Anti-Malware
• DLP
• Other
S-CAP: Security Content Automation Protocol
• Configuration Management & Vulnerability Assessment
• High Fidelity Software Signatures
Foundation: Automated Defense In Depth Security Controls via NIST SP800-53/37
Explicit Trust: Automated Positive Platform Assurance and S/W Supply Chain validation
Complete Cyber Assurance
Marquee Facility Backed by a Global Support Network
Harris Cyber Integration Center
• Multiple Harris Cyber facilities
• CapRock, GCS & Other network backbones
• 24/7/365 field support locations
• Readily Accessible Partner Facilities
• 18 Teleports Across 6 Continents
• 6 Network Operations Centers (24x7)
• 83 PoPs on Global Terrestrial Network
• 140 Countries Served
Building Your Cloud
Choose the Cloud That’s Right for You
[Diagram: Harris Trusted Enterprise Cloud™]
• Trusted Multi-Tenant Cloud: Client A, Client B, Client C
• Trusted Dedicated Cloud: Client A, Client B, Client C
• Trusted Private Cloud (Client Enterprise), VPN or VPLS
• Cyber Integrated Solutions Client Operations & Security Center
Choose the elements of your cloud. Manage as one system.
• Three core components to create the cloud architecture that is right for your enterprise
• Each component features:
– Cloud Infrastructure as a Service (IaaS)
– Harris Trusted Enterprise Cloud security controls and trust enablement technology
– Embedded continuous monitoring
– Control & management via the Cyber Operations and Security Center (COSC)
Trusted Enterprise Cloud Configurations
• Hosted cloud infrastructure for provisioning on demand
• Secure multi-tenant or dedicated single tenant infrastructure
– Hosted private cloud
– Public cloud
• Designed to exceed the VCE VMDC 2.0 Reference Architecture
Trusted Private Cloud
• On-premise cloud – remotely managed by Harris Client Operations and Security Center
• Capacity and agility benefits of cloud computing with the control of on-premise equipment
• Harris trust enablement technologies
• Eases migration path to the cloud
Key Features & Benefits
Features / Benefits
Global Trust Repository
• Explicit trust that goes beyond security
• Software supply chain traceable directly to vendor
Enterprise Trust Server
• High fidelity change identification & control
– What is on your system
– Where it came from
– How it is configured
• Control platform drift and increase platform stability
Built to industry's highest security standards
• Security controls in place to host compliant applications for HIPAA, PCI, FISMA, SOX and others
S-CAP Standardized Automation
• Real time vulnerability identification and security adjustments
• See your compliance posture on demand
• Lower your certification costs
Control via the client portal
• Robust self service capability
• Appears as extension of your infrastructure
You Can Trust the Cloud!
You Can Trust the Cloud!
“The Harris Trusted Enterprise Cloud clearly offers advanced security and trust capabilities far in excess of what you'd normally find in the vast majority of enterprise IT environments. It's arguably much better than you could do yourself, or – at least – do in a reasonable fashion.”
“They created a purpose-built enterprise cloud that was arguably orders of magnitude more secure and more trusted than anything an IT environment could do for themselves.”
“You'll see, it's far far better in many regards.”
Trust In The Cloud
• The industry’s first enterprise-grade, high-assurance cloud computing solution
• World class partners providing best of breed technology
• Cyber integration expertise to cost effectively meet the unique needs of your business
• Trust enablement technology that goes beyond security to unprecedented visibility and control of your infrastructure
www.cyber.harris.com