Shekhar Kirani - Enterprise and Cloud Computing: Clouded Security?
DESCRIPTION
The session will provide a 360-degree view on how enterprises can compete effectively by opening up their previously closed networks to business partners, customers, and their own increasingly mobile workforce - while managing security and associated risks. Kirani will also share practical examples from Indian and global enterprises that have secured critical business interactions and operations successfully.
TRANSCRIPT
1
Enterprise and Cloud Computing – Clouded Security?
Dr. Shekhar Kirani
Vice President and Country Manager,
VeriSign India
10/08/09
2
Digital World: How it looks?
1.3B Global Internet Users
1.5T E-mails
177M Web sites
1. Source: Forrester Research 2008
2. Source: Goldman Sachs 2007 CSO Survey
3. Source: Synovate 2008 Consumer Survey
3
Source: http://www.verisign.com/Resources/Naming_Services_Resources/Domain_Name_Industry_Brief/index.html
Enterprise Interactions Have Become Enterprise Internet Interactions
Enterprise Internet Interactions -> Enterprise Cloud Interactions
Why Such a Growth?
Efficiency & Convenience = $$$
4
What is Cloud Computing?
Cloud Computing Is NOT
Grid Computing
Grid Computing
Distributed computing that uses a cluster of networked computers, acting in concert to perform a task
5
Defining Cloud Computing
Cloud Computing Is NOT
Elastic Compute Cloud, Sun Grid Service
Grid Computing, Utility Computing
Utility Computing
Virtualized computing resources, such as computation and storage, offered as a metered service
6
Defining Cloud Computing
Cloud Computing Is NOT
Grid Computing, Utility Computing, SaaS
Software-As-A-Service
Delivery method of applications over the web using utility computing and multi-tenant architecture
7
Defining Cloud Computing
Cloud Computing Is NOT
Grid Computing, Utility Computing, SaaS
Then what is it?
8
Defining Cloud Computing
Cloud Computing IS
Grid Computing + Utility Computing + SaaS +
Storage Infrastructure
Identity Infrastructure
Security Infrastructure
Application Integration and Mash-ups
Business Intelligence
Business Process Management
9
Definition of Cloud Computing
So, Cloud Computing is an emerging technology that:
• utilizes concepts of grid and utility computing
• to provide application services over the Internet
• along with all associated functions available with regular in-premise implementations
• and may work in conjunction with in-premise resources
10
Enterprise
CLOUD 1 CLOUD 2 CLOUD 3
Typical Enterprise Setup for Cloud Services
• Different URLs with login-name/password combination.
• Account Provisioning is batch-mode
• Single Sign-on is not yet present.
11
Cloud Security Basics
• End-to-end security is key for SaaS/PaaS/IaaS Vendors
• Stronger SLA and security than enterprise security.
• Every resource is access controlled, logged, protected, and managed. Principle of Least Privilege.
• Weakest link in the security chain is always exploited
• Physical, network, transaction, customer, employee, consultant, etc.
• Least protected to more protected
• Social engineering – will remain key attack method
• Security by Design: Before v/s After Thought
• Cost and Usability
• Level of Security
• Likelihood of exploit
• Opportunity to exploit
• Deterrence, Prevention, Identification, and Action
12
The Identity Problem of Cloud Computing
30% of Enterprises and SMBs view security as a top concern in SaaS [1]
72% believe Identity and Access Management is the key security issue [2]
78% of consumers want more control over securing their identity [3]
1. Source: Forrester Research 2008
2. Source: Goldman Sachs 2007 CSO Survey
3. Source: Synovate 2008 Consumer Survey
13
Enterprise
CLOUD 1
ROGUE APP
Weak Link 1: Phishing in SaaS
14
Solution: Secure (EV Certs) or Green Bar Certs
15
Example: Green Browser Bar
Phishing Site – Bar turned Red!
16
Rogue Emp
Enterprise
CLOUD 1
Weak Link 2: Identity Theft
17
Rogue Emp
Enterprise
CLOUD 1
Weak Link 2: Identity Theft
18
Rogue Emp
Enterprise
CLOUD 1
Solution 2: Identity Theft
19
Solution: 2nd Factor (or 2nd Password)
• Offer a 2nd Factor solution in addition to login name/password
– What you know and What you have
• Offer 2nd Factor across all types of devices (tokens, mobile, cards, etc.).
• Identity theft requires a physical device to be stolen -> makes it hard!
20
Solution: 2nd Factor (2nd Password) for Online Access
21
Rogue Emp
Enterprise
Weak Link 3: Application/Data Security
22
Solution: Strong Enterprise Encryption Solutions
Email Applications
Digital Certs
+ =Endpoint Security
Data Storage
Encrypted Communication
Protected Assets and Data
Secured Data at Rest
23
Enterprise
Sys Adm 1 Sys Adm 2 Rogue Adm
No Digital Cer.
Digital Certificate.
Weak Link 4: Insider Theft
24
Solution: Strong Authentication
+ =
Digital Certs
&
OTP Token
Web Applications
Remote Access
Desktop Logon
Networking
Multi-Factor Desktop Logon
Strong Web Authentication
Secure Remote Access
Secure Network Access
25
Enterprise
Bot 1
Bot 2
Bot 3
Weak Link 5: DDoS Attack on Service
26
Enterprise
Bot 1
Bot 2
Bot 3
Weak Link 5: DDoS Attack on Service
27
Infrastructure: Evolving and Sophisticated DDoS Attacks
[Figure: Attack Bandwidth vs. (Normal) Bandwidth, DNS Gbps by year, 2000 to 2006. Labelled on the chart: Microsoft, Root Server Attacks, AOL, Sobig Worm, Routing Loop .COM, DNS Reflector Attacks, Normal DNS Traffic, VoIP/Cell Phone Worm (?).]
New threats due to increased nodes and adoption of IP-based mobile devices
DDoS Packet Filtering During Attack
28
Summary
• Cloud Services need to offer Stronger SLA and Security than Enterprises can do on their own.
• Cloud Services need to demonstrate back-to-back SLA/Security throughout the SaaS/PaaS/IaaS chain.
• Cloud Services need to demonstrate how they plan to do Deterrence, Prevention, Identification, and Action against attacks
• Enterprise will move to Cloud if Security/Privacy Issues are addressed
29
Thank you!