Securing Cloud Services
DESCRIPTION
HP Technology Forum, June 2009, Las Vegas
TRANSCRIPT
![Page 1: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/1.jpg)
Produced in cooperation with:
HP Technology Forum & Expo 2009
© 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Securing Cloud Services
John Rhoton
Distinguished Technologist
HP EDS CTO Office
June 2009
![Page 2: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/2.jpg)
Agenda
• Overview of Cloud
• Security benefits
• Security challenges
• HP Solutions
![Page 3: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/3.jpg)
![Page 4: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/4.jpg)
So, What is Cloud Computing?
The 451 Group: “The cloud is IT as a Service, delivered by IT resources that are independent of location”
Gartner: “Cloud computing is a style of computing where massively scalable IT-related capabilities are provided ‘as a service’ across the Internet to multiple external customers”
Forrester: “A pool of abstracted, highly scalable, and managed infrastructure capable of hosting end-customer applications and billed by consumption”
Wikipedia: “A style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure "in the cloud" that supports them.”
“A large pool of easily usable and accessible virtualized resources (such as hardware, development platforms and/or services). These resources can be dynamically reconfigured to adjust to a variable load (scale), allowing also for an optimum resource utilization. This pool of resources is typically exploited by a pay-per-use model in which guarantees are offered by the Infrastructure Provider by means of customized SLAs.”
Vaquero, Rodero-Merino, Caceres, Lindner
![Page 5: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/5.jpg)
Cloud Attributes
• Off-premise
• Outside Firewall
• Delivered over Internet
• Available on Demand
• Scalable
• Elastic
• Utility billed
• Multi-tenant
• Virtualised
• Available as Service
• Location independent
• SOA?
• Grid?
• Web 2.0?
Private versus Public Cloud
![Page 6: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/6.jpg)
Innovation & Impact
• Innovation
−Incremental
−Individually not impressive or not recent
−Compare Internet
  • TCP/IP, HTTP, HTML, PC
• Impact
−IT: New platforms, Service delivery models
−Business: Capex, Opex, Agility
−Economic: Entry barriers, Startup speed, Startup numbers
−Political: Regulation, Compliance
![Page 7: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/7.jpg)
17 December 2008
Massive Scale-out and the Cloud

| Enterprise Class | Global class |
| --- | --- |
| On-premise | Hybrid/off-premise |
| 100s - 1000s of nodes | 10,000+ nodes |
| Proprietary | Commodity |
| HW resiliency | SW resiliency |
| Max performance | Max efficiency |
| Silo’ed Resources | Shared Resources |
| Cost-Center | Value/Revenue-Center |
| Clusters | Grids/Cloud |
| Static | Elastic |
| Shared storage | Replicated storage |
| Facility costs | Power Usage Efficiency |

2938: The Value of Cloud in the Business Technology Ecosystem
![Page 8: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/8.jpg)
Market context
A service-centric perspective sheds light on all value chain constituents
[Diagram labels: Business users; Business outcome; Cloud service provider; Hosted / outsourced service provider; IT organization (internal service provider); Cloud services; External services; In-house services; Massive scale-out infrastructure; Global-class software; Enterprise-class software; Dedicated and shared infrastructure]
![Page 9: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/9.jpg)
Cloud Model
Hardware: Computation, Storage, Memory
Colocation: Real Estate, Cooling, Power, Bandwidth
Virtualisation: Provisioning, Billing, Virtualisation
Platform: Programming Language, Development Environment, APIs
Application: CRM, UC, Email, ...
Integration
Operation
Governance
![Page 10: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/10.jpg)
Cloud Landscape
Governance
Operation
Integration
Infrastructure
Platform
Software
![Page 11: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/11.jpg)
Why Cloud Computing?
• Cost reduction
− Benefit from economies of scale and experience curve
− Predictability of spend
− Avoids cost of over-provisioning
− Reduction in up-front investment
• Risk reduction
− Offload risk of running the data-centre, data protection, and disaster recovery
− Reduces risk of under-provisioning
• Focus on core competency
− Reduce effort and administration related to IT
− Automatic service evolution
• Flexibility
− Roll-out new services, retire old
− Scale up and down as needed; quickly
− Faster time to market: Lower barriers to innovation
− Access from any place, any device, any time
![Page 12: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/12.jpg)
![Page 13: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/13.jpg)
Security Benefits and Opportunities
• Cloud providers undergo rigorous audits
• Isolation of customer and employee data
• Disaster Recovery extensions
• Centralised monitoring
• Forensic readiness
• Password assurance testing
• Pre-hardened builds
• Security testing
• Obfuscation of physical infrastructure
![Page 14: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/14.jpg)
![Page 15: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/15.jpg)
Challenges
• Governance
• Compliance
• Data Privacy
• Service Availability
−Vendor Lock-in
−Latency
• Identity Management
• Lock-in
• Rogue Clouds
![Page 16: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/16.jpg)
Governance
![Page 17: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/17.jpg)
Compliance
• Sarbanes Oxley
• HIPAA
• FDA
• Basel II
• PCI
• FISMA
• GLBA
• OSHA
• ISO 27002
![Page 18: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/18.jpg)
Data Privacy
![Page 19: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/19.jpg)
Resilience
• Service Availability
• Integration risks
• Business Continuity
• Latency
• Fault Tolerance
![Page 20: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/20.jpg)
Identity Management
• Authentication
• Authorisation
−Access rights
• Federation
−Interoperability
−Standards
  • XACML, SAML
• Rapid provisioning
−Immediate de-provisioning
• Identity theft
![Page 21: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/21.jpg)
Cloud Computing: Models
[Diagram labels: Enterprise; Internal Cloud; Employee; User; The Internet; Cloud Provider #1; Cloud Provider #2; Data Storage Service; Office Apps; On Demand CPUs; Printing Service; CRM Service; Backup Service; ILM Service; Service 3; Business Apps/Service]
![Page 22: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/22.jpg)
Identity in the Cloud: Enterprise Case
[Diagram labels: Enterprise; Internal Cloud; Employee; The Internet; Cloud Provider #1; Cloud Provider #2; Data Storage Service; Office Apps; On Demand CPUs; Printing Service; CRM Service; Backup Service; ILM Service; Service 3; Business Apps/Service]
[Labels repeated across the diagram: Identity & Credentials; Authentication, Authorization, Audit; User Account Provisioning/De-provisioning; PII Data & Confidential Information]
IAM Capabilities and Services Can be Outsourced in The Cloud …
![Page 23: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/23.jpg)
Lock-in
• IaaS
−Standard Hardware, Software
−Low Risk
• PaaS
−Programming Language
−APIs
−Data Extraction
• SaaS
−Data Extraction
−Functionality, User retraining
• Assess Vendor viability
![Page 24: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/24.jpg)
Rogue Clouds
• Shadow IT may circumvent Central IT
• Suboptimal Resource allocation
• Disregard Compliance
• Compromise Information Security
![Page 25: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/25.jpg)
Cloud Security Activity and Standards
• Cloud Security Alliance
• ENISA (European Network and Information Security Agency)
−Cloud Risk Assessment
• Open Group
−Jericho Forum
• SAS 70
• NIST Special Publication 853
• FIPS 199/200
![Page 26: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/26.jpg)
![Page 27: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/27.jpg)
An infrastructure utility underpins both dedicated and “as a service” applications
[Diagram labels: Business outcomes; Externally hosted; Internally hosted; Infrastructure as a service; Technology-enabled services; Cloud Infrastructure Utility; Enterprise Infrastructure Utility; Enterprise-class applications; Global-class cloud services]
![Page 28: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/28.jpg)
HP delivers on the Business Technology Ecosystem
A sampling of HP product and services
[Diagram labels: Business outcomes; Externally hosted; Infrastructure as a service; Technology-enabled services; Infrastructure Utility (homogeneous, centralized design); Infrastructure Utility (heterogeneous, distributed design); Enterprise-class applications; Global-class cloud services]
Products and services shown:
• EDS Application Services
• Performance / Quality Center
• Security Center
• Service Manager Catalog
• Business Service Automation
• Insight Orchestration
• Business Service Management
• Proliant / Integrity
• ProCurve
• Storage Works
• Insight Dynamics - VSE
• Proliant BL2x220c
• StorageWorks ExDS9100
• Portable Optimized Datacenter
• Snapfish, BookPrep, MagCloud
• Business Availability Center
• Quality and Security Centers
• Cloud Assure
• Concierge Services
• Project & Portfolio Management
![Page 29: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/29.jpg)
HP delivers value across the business technology ecosystem
We build it: Leading data center design company
We power it: With leading servers, storage and networking
We design it: Expertise in application architecture & frameworks
We automate it: With virtualization and management software
We secure it: Through HP Secure Advantage program
We support it: With tens of thousands of IT professionals
We govern it: HP wrote the books on service management
We measure it: HP can measure the fiscal impact of services
We deliver it: Through purchased, financed, outsourced, cloud
![Page 30: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/30.jpg)
HP Secure Advantage: Making security a business enabler
Products – Partners – Solutions
Business Outcomes
Protect resources, Protect data, Provide validation
Technology
People and process
Reduce Cost
• Virtualized
• Efficient
• Pre-packaged
• Scalable
HP provides low-cost/high-quality solution delivery combining expert knowledge and security products from the desktop to the data center using proven methodologies with global resources.
Reduce Complexity
• Standardized
• Integrated
• Consulting
• Managed
• In/Outsourced
Pre-integrated solutions with major security players, & the HP Secure Advantage portfolio, along with the flexibility to leverage services globally to consult, deploy or manage these solutions, reduces complexity for our customers.
The secure end-to-end business advantage
Reduce Risk
HP uses its internal best practices, developed in HP Labs and HP Services to create and commercialize security solutions and services for customers across the world.
3296 HP Secure Advantage
![Page 31: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/31.jpg)
HP Secure Advantage services portfolio
Enablement to Management services from Desktop to Datacenter.
[Diagram labels: Protect resources; Protect data; Provide validation; Infrastructure Security; Data Protection & Privacy Management; Governance, Risk & Compliance Management; Identity & Access Management; Endpoint Security; Network Security; Data Center Security; Security Operations; Business Continuity & Recovery; Risk Management & Compliance; Data Security; Content Security; Application Security]
![Page 32: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/32.jpg)
HP Secure Advantage – Product Portfolio – 1

| Categories | Domains | HP Secure Advantage Products |
| --- | --- | --- |
| Infrastructure Security | Network Security | HP ProCurve Network Access Control; HP ProCurve Network Immunity Manager; HP ProCurve ONE network security solutions |
| Infrastructure Security | Endpoint Security | HP ProtectTools; HP Business Service Automation - Client Automation Center; HP Secure Document Advantage Family |
| Infrastructure Security | Data Center Security | HP Insight Dynamics - VSE; HP NetTop; HP-UX 11i (CC EAL4+, HIDS); HP Linux (CC EAL4+); HP OpenVMS; HP NonStop Safeguard; HP Neoview Security |
| Data Protection & Privacy Management | Data Security | HP Secure Key Manager; HP Atalla Key Block, NSP; HP ProtectTools Drive Encryption; HP Storage Media Encryption Fabric Switch; HP XP Disk Array Encryption; HP LTO-4 Tape Encryption; HP Data Protector; HP-UX EVFS; HP NonStop Volume Level Encryption; HP Medical Archive Solution |
| Data Protection & Privacy Management | Content Security | HP BladeSystem content security solutions |
| Data Protection & Privacy Management | Application Security | HP Application Security Center |

![Page 33: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/33.jpg)
HP Secure Advantage – Product Portfolio – 2

| Categories | Domains | HP Secure Advantage Products |
| --- | --- | --- |
| Governance Risk & Compliance Mgmt | Risk Management & Compliance | HP Compliance Log Warehouse; HP TRIM (e-Discovery); HP Integrated Archival Platform (ILM/archiving for Email, Database, File); HP Business Service Automation - Data Center Automation Center (Server Automation, Network Automation); HP Medical Archive Solution; HP Dragon; HP Application Security Center |
| Governance Risk & Compliance Mgmt | Security Operations | HP Business Service Automation - Data Center Automation Center (Server Automation, Network Automation, Live Network, Release Control) and Client Automation Center; HP IT Service Management (Asset Manager, Decision Center etc); HP UCMDB, DDM; HP Proliant Essentials Vulnerability & Patch Management Pack; HP Systems Insight Manager; HP Compliance Log Warehouse |
| Governance Risk & Compliance Mgmt | Business Continuity & Recovery | HP Business Service Management |
| Identity & Access Management | Identity & Access Management | HP ProCurve Identity Driven Manager; HP Icewall; HP-UX, Linux, NonStop etc |

![Page 34: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/34.jpg)
HP Secure Advantage Solutions
HP Servers, Storage, Networking, PC’s, Printers
HP Software – HP Application Center, Business Service Automation, Change Management
Services and Support: Assessment, Deployment, hosting, managed services
HP Secure Advantage
Comprehensive solutions consisting of HP hardware, software, services and expertise to mitigate risk
Better business outcomes
Leveraging 37 years’ experience of delivering secure transactions across the world for 1000s of customers
![Page 35: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/35.jpg)
Practical advice
• Plan! Prepare!
• Assess risks
• Application audit/inventory
• Begin with non-sensitive data
• Consider disaster-recovery extensions
• Encrypt sensitive data
![Page 36: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/36.jpg)
Summary
• “Cloud Computing” means different things to different people
−That doesn’t stop us from implementing it
• Cloud Computing has many benefits
−Some Enterprise advantages can also be covered through Private Clouds
• There are security challenges around Cloud Computing
−But also some benefits
• Cloud Computing is still work-in-progress
−Privacy, Service-levels, Interoperability
• It’s possible to get started in the Enterprise today
−The most critical challenge is to make the existing environment future-proof
![Page 37: Securing Cloud Services](https://reader036.vdocuments.site/reader036/viewer/2022062616/54b6df154a7959f4118b464d/html5/thumbnails/37.jpg)
More information
• Presentation will be posted to:
−http://www.slideshare.net/rhoton
• Additional Resources
−http://www.hp.com/go/cloud
−http://www.hp.com/go/security
• Any other questions?
−http://www.linkedin.com/in/rhoton