cloud & security - siliconindia · cloud & security dr debabrata nayak...
![Page 2: Cloud & Security - SiliconIndia · Cloud & Security Dr Debabrata Nayak Debu.nayak@huawei.com. ... in 2009 Mike Philippine Purchase Security Software Company MX Logic. Regarding the](https://reader033.vdocuments.mx/reader033/viewer/2022042200/5ea06592491e6a7fde72c1e6/html5/thumbnails/2.jpg)
AGENDA
• General description of cloud
• Cloud Framework
• Top issues in cloud
• Cloud Security trend
• Cloud Security Infrastructure
• Cloud Security Advantages / Challenges
• Compliance and certification of cloud security
• Cloud Security standard participation
• Summary
Cloud Computing
What is Cloud Computing?
• Cloud Computing
  - A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction
  - Describes the use of a collection of services, applications, information, and infrastructure comprised of pools of computer, network, information, and storage resources
• NIST defines cloud computing by describing five essential characteristics and attributes
  - On-demand self-service (service-based)
  - Broad network access (uses internet technologies)
  - Resource pooling (shares a pool of resources)
  - Rapid elasticity (scalable and elastic)
  - Measured service (pay-as-you-go)
• NIST defines three cloud service models
  - PaaS (Platform as a Service)
  - IaaS (Infrastructure as a Service)
  - SaaS (Software as a Service)
• NIST defines four cloud deployment models
  - Private
  - Public
  - Community
  - Hybrid
Cloud Framework
[Figure: cloud framework diagram]
• Deployment models: Community Cloud, Private Cloud, Public Cloud, Hybrid Clouds
• Service models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
• Essential characteristics: On Demand Self-Service, Resource Pooling, Broad Network Access, Rapid Elasticity, Measured Service
• Common characteristics: Low Cost Software, Virtualization, Service Orientation, Advanced Security, Homogeneity, Massive Scale, Resilient Computing, Geographic Distribution
Cloud Service Models Working Together
Cloud security is getting a lot of attention
[Chart: cloud computing service market, 2009 to 2013. Source: IDC, 2009]
• In 2013, the global cloud computing service market size is 44,200,000,000 US dollars.
• Cisco forecasts that in 2012 data center order volume amounts to 10,000,000,000 US dollars.
Cloud service providers: cloud security moves
• Cisco purchases the Web-security software company ScanSafe for 183,000,000 US dollars.
• Cisco, NetApp and VMware promote an end-to-end secure multi-tenant design architecture, strengthening the security of shared private and enterprise cloud environments.
• In December 2009, IBM purchased the database security company Guardium. With this purchase, IBM obtained Guardium's database security business. According to IBM, the purchase is part of its information management strategy and will take real-time monitoring and data protection of enterprise databases to a new level.
• Microsoft plans to launch in 2010 a new security mechanism for multi-tenant cloud environments, and to provide private cloud software that uses the same technology as Azure, namely the "Sydney" security plan. Sydney plans to separate users' cloud resources and network space, and provides a secure connection between the enterprise's internal data center equipment and equipment in the cloud.
Top Issues in Cloud Computing
[Chart: horizontal bar chart, axis from 65% to 90%]
• Security: 88.5%
• Performance: 88.1%
• Availability: 84.8%
• Hard to integrate with in-house IT: 84.5%
• Not enough ability to customize: 83.3%
• Worried cloud will cost more: 81.1%
• Bringing back in-house may be difficult: 80.3%
• Not enough major suppliers yet: 74.6%
% responding 3, 4 or 5 on scale of 1 to 5 (5 being most significant)
Security vendors are paying attention to cloud security
Traditional security vendors: cloud security moves
• In the second quarter of 2009, Trend Micro purchased Third Brigade, a privately held company that provides security management software. This purchase lets Trend Micro bring more tools aimed at virtualization and cloud computing security. According to Trend Micro, the purchase realizes its anticipated strategy of ensuring business data center security.
• In 2009, McAfee purchased the security software company MX Logic. McAfee said that this is a very important transaction, which integrates the currently much sought-after "software and service" into its own product mix. In its competition with Symantec, this purchase lets McAfee occupy the vantage point.
• At the end of 2008, Symantec purchased MessageLabs, a provider of online messaging and network security services, and integrated the MessageLabs services to found a new SaaS product department.
• In April 2009, Symantec purchased its OEM partner AppStream, a specialized SaaS manufacturer. AppStream will bring Symantec a brand-new market opportunity: desktop virtualization.
News Headlines
Amazon Encrypts CloudFront, but Security Comes at a Price!
Google Security Breach a Warning Sign for Cloud Security?
IBM Managed Security Helps Shore Up Cloud Offerings
Multi-tenant SaaS Secured By Oracle Identity Management
Security Model
[Figure: the service models IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service), with the labels "You build security in" and "You “RFP” security in"]
A Basic cryptography model
[Figure: Plain text -> Encryption Algorithm -> Cipher text -> Decryption Algorithm -> Plain text, with a Shared secret key at the encryption side and at the decryption side]
SYMMETRIC KEY CRYPTOSYSTEM
D E B A
1101 1110 1011 1010 (Message)
1000 1000 1000 1000 (Encryption Key)
0101 0110 0011 0010 (5632 Ciphertext)
1000 1000 1000 1000 (Decryption Key)
1101 1110 1011 1010
D E B A (Original Message)
Design of secure cryptographic system
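[Figure: Sender (A) -> Encryption -> C -> Decryption -> Receiver (B), with a Cracker shown between encryption and decryption]
[Figure: Sender (A) -> Encryption, C = E_B(M) -> Decryption, M = D_B(C) -> Receiver (B). Also shown: Key distribution Center (E_B) and Hacker]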
INTEGRITY CHECK
[Figure: a message crossing between the Internal Network and the External Network]
D E B A    1101 1110 1011 1010
           1101 1010 1011 1010
D A D A    1101 1010 1101 1010
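Added example, not part of the original slides: the XOR scheme of the SYMMETRIC KEY CRYPTOSYSTEM slide in Python, showing that bits flipped in the ciphertext on the network path make D E B A decrypt as D A D A, and that a tag over the ciphertext lets the receiver reject the change. The slides name no integrity mechanism; HMAC-SHA256, the MAC key, the function names and the in-transit modification are assumptions constructed for this example.

```python
import hashlib
import hmac

KEY = 0x8888      # 1000 1000 1000 1000, the slide's encryption/decryption key
MESSAGE = 0xDEBA  # 1101 1110 1011 1010, the slide's message "D E B A"
# Assumption: a second shared key used only for integrity, constructed for this example.
MAC_KEY = b"constructed-example-mac-key"


def xor16(block: int, key: int) -> int:
    """The slide's scheme: XOR a 16-bit block with the 16-bit shared key.
    The same operation encrypts and decrypts."""
    return (block ^ key) & 0xFFFF


def mac(ciphertext: int) -> bytes:
    """HMAC-SHA256 tag over the 2-byte ciphertext."""
    return hmac.new(MAC_KEY, ciphertext.to_bytes(2, "big"), hashlib.sha256).digest()


def send(message: int):
    """Sender side: encrypt, then tag the ciphertext."""
    ciphertext = xor16(message, KEY)
    return ciphertext, mac(ciphertext)


def receive(ciphertext: int, tag: bytes):
    """Receiver side: verify the tag first; return None if the check fails."""
    if not hmac.compare_digest(mac(ciphertext), tag):
        return None
    return xor16(ciphertext, KEY)


def alter_in_transit(ciphertext: int, bit_mask: int) -> int:
    """Constructed modification on the network path: flip the masked bits."""
    return (ciphertext ^ bit_mask) & 0xFFFF


if __name__ == "__main__":
    ciphertext, tag = send(MESSAGE)
    print(f"ciphertext        {ciphertext:04X}")           # 5632, as on the slide
    # Flipping ciphertext bits flips the same plaintext bits: DEBA ^ DADA = 0460.
    altered = alter_in_transit(ciphertext, 0xDEBA ^ 0xDADA)
    print(f"altered           {altered:04X}")              # 5252
    print(f"without a check   {xor16(altered, KEY):04X}")  # DADA
    print(f"with the check    {receive(altered, tag)}")    # None: rejected
    print(f"untouched message {receive(ciphertext, tag):04X}")  # DEBA
```

Encryption alone gives confidentiality only: the receiver in the unchecked path has no way to tell DADA from the message that was sent.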
Cloud Computing Security Architecture
Cloud Security Advantages
• Exposure of internal sensitive data reduced by shifting public data to an external cloud
• Cloud homogeneity simplifies security auditing/testing
• Clouds enable automated security management both internally and externally
• Redundancy / Disaster Recovery
• Reduces in-house IT security administration
Cloud Security Challenges
• Trust
  - Putting too much trust in the vendor’s security model
• Auditing and investigation
  - Customer may be out of the loop in audit events and findings
  - Obtaining support for investigations is at the mercy of the provider
  - Logging challenges
• Administration
  - Indirect security administrator accountability
  - Security configurations
  - Identity management
• Implementation
  - Black box implementations can’t be examined
  - Public cloud vs internal cloud security
• Data
  - Regulatory differences and difficulties across national boundaries
  - Data retention issues
  - Data protection in storage and transit
  - Ownership
Locking down the cloud
• Securing the cloud
  - trust
  - multi-tenancy
  - encryption
  - compliance
• Achieving goals
  - privacy
  - secure access
  - transparency
Security Requirements and Features
• All of your IT security requirements apply
• Trust
  - Platform trust and trusted computing
  - Identity management, user provisioning and access control
  - Federation, control of privileges, SSO
  - Authentication, authorization and auditing
  - Privileged user management
  - Web access management
• Multi-tenancy
  - Multi-tenant logging management
  - Network, VM, Application, process, and data isolation
  - Security, OS, and Resource Management
  - Security DMZ per virtual application
  - Security profile per compute profile
  - Security profile per network
• Encryption
  - Key management and provisioning
  - Data leak protection
  - Data storage and transit
• Compliance
  - Auditing
  - Log management
  - Regional/national/international compliances and certification
  - Legal intercept
  - Data Privacy
Compliance and Certification
• Security related Cloud-specific group
• ITU Cloud Focus Group
• ETSI cloud security group
• SAS70
  - Auditing compliance
• TIA942
  - US Data Center
• ISO 27001
  - Common Criteria certification and compliance
• ISO 15489
  - Records and Information Management
• LEED
  - Leadership in Energy and Environmental Design: green data center
• NIST FIPS 140-2
  - Security Requirements for Cryptographic Modules
• ISA’s Security Assurance Certification
  - Embedded Device Security Assessment
ITU activities in Cloud Security
• Making a balance between all the standards
• Cloud definition and ecosystem
• Identity in Cloud
• PKI Infrastructure for cloud
• Key Management Scheme for Cloud
• Cloud Security Architecture
• Cloud service, resource management and middleware
• Cloud computing platform secure architecture
Cloud Security Framework
Standards/Fora and Cloud Computing
Summary
• Security is the number one concern in cloud computing
• New challenges in cloud computing bring forward new threats and risks
  - More complex than traditional IT security
• The Cloud needs to be secure, guarantee privacy, access and transparency
• Regulations and laws are catching up but need to expand beyond data privacy
• Compliance and certification are very important in measuring the effort put into building the cloud and to provide assurances
• Standards and fora play an important role in promoting openness and interoperability
THANK YOU