Securing Cloud Enabled Business 01 Dec 2011
Post on 05-Apr-2018
-
7/31/2019 Securing Cloud Enabled Business 01 Dec 2011
2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Securing Your Cloud Enabled Business
Narayan Makaram, CISSP
Director, Solutions Marketing
-
Cloud computing and IT consumerization are remak
While customers face massive IT shifts
TRADITIONAL STACK: Networks, Infrastructure, Databases, Middleware, Applications, Operating System, Devices
SERVICES: Connected Devices, Open Cloud Marketplace, Cloud Services, Platform Services, Hybrid Infrastructure
STRUCTURED DATA, UNSTRUCTURED DATA
HYBRID
TRANSFORM
TRANSFORMATION SERV
MANAGEMENT & SECURITY MANAGEMENT & SECU
Enterprise Security HP Confidential
-
Security concerns prevent movement to new IT arc
Security is a major CIO challenge
26% more pressing than closest challenge or barrier to implementation
-
Cloud deployment models
PaaS
IaaS
Application
User Activity
Transparent Abstracted
Increasing security responsibilities
Application
Platform
O/S
Network
Physical
O/S
image
Platform
Application
As Cloud Service Providers move from IaaS to PaaS to SaaS offerings:
Visibility into network and system activity decreases
Security responsibilities at the user and application level increase
-
Enterprise IT Legacy Cloud
Security model must evolve
User Layer: Local directories, IDMs
Application Layer: Local, client-server, legacy
Platform Layer: O/S, software platforms, databases, etc.
Infrastructure Layer: network devices, servers, etc.
User Layer: Cloud directories, virtual user permiss
Application Layer: SaaS, mobile apps
Infrastructure/Platform Layer: Virtualized servers, storage (S3), Proc
(EC2), PaaS, IaaS, O/S, databases, switche
To meet new cloud deployment architectures
-
HP ENTERPRISE SECURITY
HP Enterprise Security Products (ESP)
A newly formed business unit within HP formed to help organizations mitigate risk in their hybrid environments and proactively defend against advanced threats.
-
Security Information and Risk Management Solution
HP Enterprise Security
Threat Research
Security Intelligence
Risk Management
Information Security
Network Security
Applications Security
360 degree security monitoring to detect incidents
Proactive security testing to protect applications
Adaptive network defenses to block attacks
Platform integration to manage risk
-
Security Intelligence
Gartner - for optimal security and risk management:
Correlate information and context, especially business context
Correlation technologies
Application security:
Dynamic and static application scanning
Application scanning and inline network security
Operational security:
SIEM and security point solutions
SIEM and IT ops
Automate response actions where possible
-
Risk Management
Leverage Security Intelligence to take action
Map IT assets, monitoring and vulnerabilities to business processes
Use intelligent metrics and heat maps to target security spending and remediation efforts
-
Threats + architecture = new model
Traditional Security Monitoring Hybrid Security Monitoring
-
Three ways to secure clouds
#2: Hybrid security controls for private clouds
ArcSight
#3: Modular sefor cloud insta
SaaS Provider
#1: Secure enterprise use of SaaS
Cloud IAM
Virtual Connectors
Virtual IPS
IPS
-
Follows standard dev/ops process
Select instance size/image to provision
Add security modules
Connectors for log syndication and SIEM
Virtual IPS for network protection
Fortify RTA for run-time app protection
Add compliance controls/reporting
Reports driven by connectors
Controls link to security modules
Cloud controls integrate with legacy environment security controls
The future is modular
-
CISO's path to modern infrastructure
Mitigate today's risks:
Deliver security intelligence: leverage contextual data (user, business valu
Look for opportunities to correlate technologies and automate
Prepare for tomorrow's problems:
Approach strategically, starting with quick wins
Start by securing enterprise use of SaaS
Next, establish hybrid controls
Long term, add modular security controls
-
Conclusions
Security controls must map to an organization's path to cloud
Some current practices can largely remain the same (e.g. monitoring), others must change (e.g. provisioning)
Deeper understanding of and synergy with dev/ops will smoo
the adoption of cloud security controls
-
THANK YOU