Enterprise Strategy for Cloud Security
Oracle Architect Day        May 16, 2012
Dave Chappelle
Agenda

• Cloud Security Considerations
• Consumer Strategies
• Provider Strategies
A Few General Considerations…

• Multi-tenancy
   • Varying degrees of isolation (how thick are the walls?)
   • Unpredictable cohabitation (do you really know your neighbors?)
• Isolation Barriers
   • Physical vs. logical
   • Several vs. few
• Data (Operational, Metadata, Log Data, Backups, etc.)
   • Ownership
   • Dispersal, Privacy, and Retention Laws
• Complexity
   • Technical: technologies, integration, domain federation
   • Business: policies, procedures, continuity
• Auditing and Compliance
   • Capabilities and support
Security Principles & Cloud

• Least Privilege
  • Restricting administrative privileges

• Segregation of Duties
  • Consumer privileges vs. provider privileges

• Compartmentalization
  • Controlling resource allocation / utilization in a shared
    environment

• Defense in Depth
  • Discontinuity…
Defense in Depth: Layers

• Data
   • Database Security (online storage & backups)
   • Content Security, Information Rights Management
   • Message Level Security
• Application
   • Federation (SSO, Identity Propagation, Trust, …)
   • Authentication, Authorization, Auditing (AAA)
   • Security Assurance (coding practices)
• Host
   • Platform O/S, Vulnerability Mgmt (patches), Desktop (malware protection), …
• Internal Network
   • Transport Layer Security (encryption, identity)
• Perimeter
   • Firewalls, network address translation, denial of service prevention, message parsing and validation, ...
• Physical
   • Fences, walls, guards, locks, keys, badges, …
• Policies, Procedures, & Awareness
   • Data Classification, Password Strengths, Code Reviews, Usage Policies, …

[Diagram: the layers above are framed by three cross-cutting elements: Identity & Access Management; Security Governance, Risk Management, & Compliance; and Security Management & Monitoring.]

OTN Architect Day 2011
Security Layering and Cloud

[Diagram: the layers Id & Access Mgmt, Data, Application / Service, Host, Internal Network, Perimeter, Physical, Policies & Procedures, SGRC, and Security Management & Monitoring are drawn across Your Organization (private clouds, VMs) and the Cloud Provider (public cloud: SaaS, PaaS, IaaS). The two sides are bridged by bands labelled Technology Integration and Planning & Reconciliation.]
Control Frameworks

• ISO/IEC 27001:5
• NIST Recommended Security Controls for Federal
  Information Systems and Organizations (Pub 800-53)
• COBIT
• SANS 20 Critical Security Controls
• Cloud Security Alliance Cloud Controls Matrix
NIST Security Controls

Technical
• Access Control
• Audit & Accountability
• Identification & Authentication
• System & Communications Protection

Operational
• Awareness & Training
• Configuration Management
• Contingency Planning
• Incident Response
• Maintenance
• Media Protection
• Physical & Environmental Protection
• Personnel Security
• System & Information Integrity

Management
• Security Assessment & Authorization
• Planning
• Risk Assessment
• System & Services Acquisition
• Program Management
Exposure, Control, & Risk

[Side label on slide: Threat Categories]

• Exposure
   • Public access to applications, services, platforms, & data
   • Administrative access
   • Data traversing unprotected networks
   • Reliance on isolation implementation(s)

• Control (or delegation thereof)
   • Physical, managerial, operational
   • Functional and non-functional capabilities
   • Compliance
   • Search and seizure

• Quantitative Risk = threat probability * magnitude of loss
• Relative risk = RiskIT / RiskCloud
Service & Deployment Models

Service Models
• IaaS
• PaaS
• SaaS

Deployment Models
• Private operated, & managed
• Private, partner-operated & managed
• Private, partner-located, operated & managed
• Remote dedicated / leased
• Public, shared

[Diagram annotations: arrows labelled Exposure and Control run between the two lists. The top of the slide is labelled "Dependent upon internal controls" and the bottom "Dependent upon Cloud provider and internal compensating controls".]
Agenda

• Cloud Security Considerations
• Consumer Strategies
   o Security Governance, Risk Management, & Compliance (SGRC)
   o Usage Strategies
   o Identity & Access Management (IAM)
• Provider Strategies
SGRC Strategy

• How will Cloud providers be assessed for risk?
• Who will evaluate assessments and have authority to grant approvals?
• What compliance issues are pertinent to the use of Cloud? (Compliance
  with all government, industry, and internal policies and regulations.)
• Who will review issues related to compliance and have authority to grant
  approvals?
• Under what circumstances might a Cloud be used without a formal
  assessment and compliance review?
• What governance processes will be established/used to properly
  evaluate a Cloud provider for all aspects of security (including business
  continuity)?
• What governance processes will be established/used to actively monitor
  and audit access to, and usage of, company assets in a Cloud
  environment?
• …
Usage Strategy

• How the cloud will be used
  •   Development & test vs. production
  •   Internet access vs. private / VPN
  •   Public content vs. sensitive information
  •   …
Public Cloud, Public Access Point

[Diagram: user groups are Intranet Users, Internet Users (Employees), and Internet Users (General Public). Internal IT / Private Cloud contains Intranet-Based Web Apps (Internal DMZ) and Business-Critical Systems & Sensitive Data. Public Cloud (PaaS, IaaS) contains Public-Facing Web Apps (Cloud DMZ) and Non-Critical Systems, Public-Facing Content. VPN and IAM are labelled between the two sides.]

• Cloud is used to serve up public content
• Sensitive data and monetized transactions are handled internally
Dedicated Datacenter Extension

[Diagram: user groups are Internet Users and Intranet Users. Internal IT / Private Cloud contains Intranet-Based Web Apps (DMZ) and Company-Owned Infrastructure, Platforms & Software. Dedicated Cloud (PaaS, IaaS) contains Provider-Owned IaaS/PaaS with Company Software. VPN and IAM are labelled between the two sides.]

• Cloud is used to extend the capacity of IT
• Private access to dedicated resources
Public Cloud for Commodity Computing


[Diagram: user groups are Internet Users and Intranet Users. Internal IT / Private Cloud contains Custom Web Apps, Company Portals (Internal DMZ) and Custom-Built, Business-Differentiating Systems. Public Cloud (SaaS) contains Commodity Web Apps (Cloud DMZ) and Commodity Applications & Services. Each side has its own IAM.]

• SaaS providers used for commodity computing needs
• Access most often via common Internet connectivity
Private Cloud, Standardization & Consolidation

[Diagram: Internal IT Private Cloud Migration. Support, Sales, and Finance are shown alongside an IT-Managed IaaS/PaaS Private Cloud and a Public Cloud (XaaS).]

• Private cloud offers an efficient alternative
• Migration to cloud based on evaluation of projects in pipeline
• Decision on public or private based on evaluation criteria
Identity and Access Management Strategy

• How will management be accomplished without compromising existing IAM capabilities (standardized provisioning, approval, integration, audit, attestation, and analysis)?
  •   Centralized
  •   Distributed
  •   Federated
  •   Synchronized
  •   Replicated
  •   …
Anonymous & Personalized Public Cloud

[Diagram: Users, with flows labelled Login and Redirect / Login. Internal IT / Private Cloud contains Secure Systems & Sensitive Data and Identity & Access Management (AuthN, AuthZ; Credentials, Roles, Attributes, Policies). Public Cloud contains Anonymous Applications, Public Content and Personalized Applications and Content. User Id is labelled between the two sides.]

• Nothing in the cloud performs access control
• Identity is used for non-security purposes (personalization, etc.)
Centralized IAM

[Diagram: Users, with a flow labelled Login, Access. Internal IT / Private Cloud contains Internal Applications, Private Clouds and Identity & Access Management (AuthN, AuthZ; Credentials, Roles, Attributes, Policies). Public Cloud contains Network-Isolated IaaS/PaaS environments, each with a VPN labelled between it and the internal side.]

• Identity management and security services are centrally deployed
• Cloud applications access centralized security services
Access Control with Vouched Identity

[Diagram: Users, with flows labelled Login and Access. Internal IT / Private Cloud contains SSO & Internal Applications and Identity & Access Management (AuthN, AuthZ; Credentials, Roles, Attributes, Policies). Public Cloud contains Standalone Applications w/ RBAC, ABAC and Access Policy Management (AuthZ; Application Access Policies). SAML, OpenID is labelled between the two sides.]

• Users are authenticated by internal authentication services
• Identity is securely propagated to enable authorization decisions in the cloud
Standalone Synchronized IAM

[Diagram: Users, with a Login flow to each side. Internal IT / Private Cloud contains Internal Applications and Identity & Access Management (AuthN, AuthZ; Credentials, Roles, Attributes, Policies). Public Cloud contains Standalone Cloud-based Applications and its own Identity & Access Management (AuthN, AuthZ; Credentials, Roles, Attributes, Policies). "sync" is labelled between the two IAM systems.]

• Users are authenticated in multiple places
• Identity data is synchronized across multiple locations via manual or automated processes
Federated IAM

[Diagram: Users, with flows labelled Login and Access. Internal IT / Private Cloud contains Internal Applications, an STS, an Id Prov, and Identity & Access Management (AuthN, AuthZ; Credentials, Roles, Attributes, Policies). Public Cloud contains Standalone Cloud-based Applications, an STS, a Svc Prov, and its own Identity & Access Management (AuthN, AuthZ; Credentials, Roles, Attributes, Policies). The links between the two sides are labelled HTTP, SOAP; WS-Trust, WS-Fed; SAML; and sync.]

• Federated identities may be mapped to cloud-based groups or roles
• Synchronization becomes less critical due to abstraction
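
The mapping of federated identities to cloud-side roles described on this slide, as an added example that is not part of the original deck. An HMAC-signed JSON token stands in for a signed SAML assertion, and the issuer URL, audience, key, group names and role names are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed identifier of the cloud-side service provider (assumption).
AUDIENCE = "https://reports.cloud.example"

# Trust configuration held by the service provider: which identity providers
# it accepts, and how each one's groups map to local roles. No per-user
# account is stored, which is why synchronization matters less.
TRUSTED_ISSUERS = {
    "https://idp.corp.example": {
        "key": b"constructed-demo-key-not-a-real-secret",
        "group_to_role": {
            "finance-analysts": "reports.reader",
            "finance-admins": "reports.admin",
        },
    },
}


def issue_token(issuer, key, subject, groups, audience, expires_at):
    """Identity-provider side: sign a set of claims (stand-in for a SAML assertion)."""
    claims = {"iss": issuer, "sub": subject, "groups": groups,
              "aud": audience, "exp": expires_at}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, sig))


def roles_for_token(token, now):
    """Service-provider side: return the local roles, or raise PermissionError."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        claims = json.loads(body)
    except ValueError:
        raise PermissionError("malformed token") from None
    if not isinstance(claims, dict) or not isinstance(claims.get("iss"), str):
        raise PermissionError("malformed claims")

    # The issuer claim only selects which key to try; nothing is trusted
    # until the signature verifies under that issuer's key.
    trust = TRUSTED_ISSUERS.get(claims["iss"])
    if trust is None:
        raise PermissionError("untrusted issuer")
    expected = hmac.new(trust["key"], body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")

    if claims.get("aud") != AUDIENCE:
        raise PermissionError("token issued for a different service")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise PermissionError("token expired")

    # Deny by default: groups without an explicit mapping grant nothing.
    mapping = trust["group_to_role"]
    groups = claims.get("groups")
    if not isinstance(groups, list):
        groups = []
    roles = {mapping[g] for g in groups if isinstance(g, str) and g in mapping}
    if not roles:
        raise PermissionError("no mapped role")
    return roles


if __name__ == "__main__":
    idp = "https://idp.corp.example"
    token = issue_token(idp, TRUSTED_ISSUERS[idp]["key"], "alice",
                        ["finance-analysts", "all-staff"], AUDIENCE, 2000)
    print(roles_for_token(token, now=1000))
```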
Brokered Identity Management

[Diagram: Users, with flows labelled Register & Manage, Login, and Access. A 3rd Party Identity Provider contains a Brokered Identity Management System (Credentials, Attributes) and an Id Prov. Internal IT / Private Cloud contains Customer-facing Applications. Public Cloud contains Cloud-based Applications. OpenID is labelled between the identity provider and the applications.]

• Brokered identity management relies on a trusted 3rd party to manage identities
• Clouds, and optionally internal IT, may elect not to manage identities at all
Agenda

• Cloud Security Considerations
• Consumer Strategies
• Provider Strategies
Provider Strategy

• Velocity & Scale: Standardization & Governance
  •   Minimal process deviation; enables automation
  •   Default secure configurations
  •   Common security services
  •   Processes that automate the proper behavior
• Domain Strategy
  • Group resources together appropriately and consistently
    apply the proper degree of security controls
• Multi-tenancy Strategy
  • Defines how tenants will share resources securely
• Cohabitation Strategy
  • Which tenants “belong together”
Service Model Domains

[Diagram: All Users access a Public Cloud divided into an IaaS Cloud Domain, a PaaS Cloud Domain, and a SaaS Cloud Domain, with Cloud Security & Management underneath.]

• Group tenants by service model
• Rationale: similar services have similar configurations and security requirements
• Similar services share the same access patterns
Network Tier Cloud Domains

[Diagram: Dev / Test Environments (Dev / Test Private Cloud, Dev / Test Public Cloud) beside a Production Environment Cloud that contains a Web Tier Cloud Domain, an Apps & Services Cloud Domain, a Data Tier Cloud Domain, a Partner Apps Cloud Domain, and a BI / DW Cloud Domain.]

• Group tenants by network tier
• Rationale: maintain network-level security controls using existing network infrastructure
Tenant Group-Based Domains

[Diagram: All Users access a Public Cloud divided into Group 1 Cloud Domain, Group 2 Cloud Domain, … Group n Cloud Domain, with Cloud Security & Management underneath.]

• Each group has dedicated resources with network isolation
• Groups may reflect common data sensitivity, compliance, SLA requirements, etc.
Dedicated Access Domains

[Diagram: Tenant 1, Tenant 2, … Tenant n Private Networks, each connected by its own VPN to the matching Tenant 1, Tenant 2, … Tenant n Cloud Domain in the Public Cloud, with Cloud Security & Management underneath.]

• Tenant-based domains with VPN access
• Share-nothing, greatest isolation, greatest cost
Multi-Tenancy Strategy

• Shared everything
• Shared Infrastructure
  • Virtual Machines
  • O/S virtualization
• Shared Nothing
Shared Everything



[Diagram: Tenant A, Tenant B, and Tenant C all use one Shared Application backed by one Shared Schema, on top of Shared Security Services & IAM.]

• Common SaaS model for maximum economy of scale
• Application must provide isolation
• Data from multiple tenants is stored in the same database tables
• Highest (relative) risk due to least control, greatest exposure
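
What "application must provide isolation" means when tenants share the same tables, as an added example that is not part of the original deck. The `invoices` table, tenant names and rows are constructed; the unscoped lookup shows the failure mode and `TenantScopedStore` shows the application-level barrier.

```python
import sqlite3

# Constructed shared schema: rows from every tenant live in one table.
SCHEMA = """
CREATE TABLE invoices (
    id           INTEGER PRIMARY KEY,
    tenant_id    TEXT NOT NULL,
    customer     TEXT NOT NULL,
    amount_cents INTEGER NOT NULL
);
"""


def get_invoice_unscoped(conn, invoice_id):
    """Failure mode: lookup by primary key only, so any tenant's row comes back."""
    return conn.execute(
        "SELECT id, tenant_id, amount_cents FROM invoices WHERE id = ?",
        (invoice_id,),
    ).fetchone()


class TenantScopedStore:
    """Data-access layer that binds every statement to exactly one tenant.

    The tenant id must come from the authenticated session, never from a
    request parameter, and callers get no way to run SQL without it.
    """

    def __init__(self, conn, tenant_id):
        if not tenant_id:
            raise ValueError("tenant_id is required")
        self._conn = conn
        self._tenant_id = tenant_id

    def add_invoice(self, customer, amount_cents):
        cur = self._conn.execute(
            "INSERT INTO invoices (tenant_id, customer, amount_cents) "
            "VALUES (?, ?, ?)",
            (self._tenant_id, customer, amount_cents),
        )
        return cur.lastrowid

    def get_invoice(self, invoice_id):
        # A row owned by another tenant is indistinguishable from a missing row.
        return self._conn.execute(
            "SELECT id, customer, amount_cents FROM invoices "
            "WHERE id = ? AND tenant_id = ?",
            (invoice_id, self._tenant_id),
        ).fetchone()

    def list_invoices(self):
        return self._conn.execute(
            "SELECT id, customer, amount_cents FROM invoices "
            "WHERE tenant_id = ? ORDER BY id",
            (self._tenant_id,),
        ).fetchall()

    def update_amount(self, invoice_id, amount_cents):
        cur = self._conn.execute(
            "UPDATE invoices SET amount_cents = ? WHERE id = ? AND tenant_id = ?",
            (amount_cents, invoice_id, self._tenant_id),
        )
        return cur.rowcount == 1  # False when the row belongs to someone else


def build_demo_db():
    """Create an in-memory database with constructed rows for two tenants."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    a = TenantScopedStore(conn, "tenant-a")
    b = TenantScopedStore(conn, "tenant-b")
    ids = {
        "a1": a.add_invoice("Acme", 1200),
        "a2": a.add_invoice("Globex", 3400),
        "b1": b.add_invoice("Initech", 7500),
    }
    return conn, ids


if __name__ == "__main__":
    conn, ids = build_demo_db()
    tenant_a = TenantScopedStore(conn, "tenant-a")
    print("unscoped read of tenant-b row:", get_invoice_unscoped(conn, ids["b1"]))
    print("scoped read of tenant-b row:  ", tenant_a.get_invoice(ids["b1"]))
    print("scoped write to tenant-b row: ", tenant_a.update_amount(ids["b1"], 1))
```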
Shared Infrastructure: Virtual Machines


[Diagram: Tenant A, Tenant B, and Tenant C each have their own Virtual Environment (A, B, C) with its own Apps and Data. The virtual environments run on a Hypervisor over Shared Infrastructure, on top of Shared Security Services & IAM.]

• Each tenant has their own virtual environment
• Isolation provided by hypervisor
• Resource contention depends on VM capability and configuration
• Adds an additional layer and processes to run and manage
Shared Infrastructure: OS Virtualization


[Diagram: Tenant A, Tenant B, and Tenant C are assigned Zone 1, Zone 2, and Zone 3 of a single Operating System running on Shared Infrastructure, on top of Shared Security Services & IAM. Each zone has the resources and controls listed below.]

Resources
• Processes & Memory
• Disks & Filesystems
• NICs & IP Addresses
• …

Controls
• Max share of CPU
• Max memory usage
• Max network bandwidth
• …

• Each tenant has their own processing zone
• Isolation provided by the operating system
• Resource contention depends on zone configuration
• No VMs to run and manage, no abstraction layer between app & OS
Shared Nothing

[Diagram: Tenant A, Tenant B, and Tenant C pass through Routing to separate stacks. Each tenant has its own Application Cluster, Schema, IAM Partition, and Resource Pool (A, B, C), on top of Shared Security Services.]

• Greatest degree of isolation, least economical
Final Thoughts

• Define and execute on a strategy
  • Codify your appetite for risk; CYA
• Consider all aspects of security
  • Use a framework
• Not all clouds are the same
  • Be aware of the risks as well as the rewards
• You can delegate responsibility but you can’t delegate
  accountability
• Visit us online at http://www.oracle.com/goto/itstrategies
37

Weitere ähnliche Inhalte

Was ist angesagt?

Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Cloud Computing - A Pragmatic Approach to Cloud Adoption
Cloud Computing - A Pragmatic Approach to Cloud AdoptionCloud Computing - A Pragmatic Approach to Cloud Adoption
Cloud Computing - A Pragmatic Approach to Cloud AdoptionBob Rhubart
 
Vincent Desveronnieres, Oracle
Vincent Desveronnieres,  OracleVincent Desveronnieres,  Oracle
Vincent Desveronnieres, OracleEwa Stepien
 
Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the CloudNeil Readshaw
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaWise Pacific Venture
 
Business Integration for the 21st Century
Business Integration for the 21st Century Business Integration for the 21st Century
Business Integration for the 21st Century Bob Rhubart
 
Od webcast-cloud-fraud final
Od webcast-cloud-fraud finalOd webcast-cloud-fraud final
Od webcast-cloud-fraud finalOracleIDM
 
Open Sky Intro
Open Sky IntroOpen Sky Intro
Open Sky Introspeloso
 
Intel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntelAPAC
 
Oracle security-formula
Oracle security-formulaOracle security-formula
Oracle security-formulaOracleIDM
 
Isc2conferancepremay15final
Isc2conferancepremay15finalIsc2conferancepremay15final
Isc2conferancepremay15finalMahmoud Moustafa
 
Tech editors conf tucker yen-jacoby revised final for may 24 2012
Tech editors conf tucker yen-jacoby revised final  for may 24 2012Tech editors conf tucker yen-jacoby revised final  for may 24 2012
Tech editors conf tucker yen-jacoby revised final for may 24 2012Cisco Public Relations
 
How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...
How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...
How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...Eucalyptus Systems, Inc.
 
2nd day 2 - bsm overview
2nd day   2 - bsm overview 2nd day   2 - bsm overview
2nd day 2 - bsm overview Lilian Schaffer
 
A better waytosecureapps-finalv1
A better waytosecureapps-finalv1A better waytosecureapps-finalv1
A better waytosecureapps-finalv1OracleIDM
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityInternap
 
Workload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachWorkload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachNovell
 

Was ist angesagt? (20)

Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Cloud Computing - A Pragmatic Approach to Cloud Adoption
Cloud Computing - A Pragmatic Approach to Cloud AdoptionCloud Computing - A Pragmatic Approach to Cloud Adoption
Cloud Computing - A Pragmatic Approach to Cloud Adoption
 
Vincent Desveronnieres, Oracle
Vincent Desveronnieres,  OracleVincent Desveronnieres,  Oracle
Vincent Desveronnieres, Oracle
 
Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the Cloud
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security Strategy
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, Indonesia
 
Business Integration for the 21st Century
Business Integration for the 21st Century Business Integration for the 21st Century
Business Integration for the 21st Century
 
Going to the Cloud
Going to the Cloud Going to the Cloud
Going to the Cloud
 
Od webcast-cloud-fraud final
Od webcast-cloud-fraud finalOd webcast-cloud-fraud final
Od webcast-cloud-fraud final
 
Open Sky Intro
Open Sky IntroOpen Sky Intro
Open Sky Intro
 
Intel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfee
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
Oracle security-formula
Oracle security-formulaOracle security-formula
Oracle security-formula
 
Isc2conferancepremay15final
Isc2conferancepremay15finalIsc2conferancepremay15final
Isc2conferancepremay15final
 
Tech editors conf tucker yen-jacoby revised final for may 24 2012
Tech editors conf tucker yen-jacoby revised final  for may 24 2012Tech editors conf tucker yen-jacoby revised final  for may 24 2012
Tech editors conf tucker yen-jacoby revised final for may 24 2012
 
How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...
How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...
How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...
 
2nd day 2 - bsm overview
2nd day   2 - bsm overview 2nd day   2 - bsm overview
2nd day 2 - bsm overview
 
A better waytosecureapps-finalv1
A better waytosecureapps-finalv1A better waytosecureapps-finalv1
A better waytosecureapps-finalv1
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. Reality
 
Workload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachWorkload IQ: A Differentiated Approach
Workload IQ: A Differentiated Approach
 

Andere mochten auch

Oracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureOracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureBob Rhubart
 
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Enterprise Strategy for Cloud Security

  • 1. Enterprise Strategy for Cloud Security. Oracle Architect Day, May 16, 2012. Dave Chappelle
  • 2. Agenda • Cloud Security Considerations • Consumer Strategies • Provider Strategies
  • 3. A Few General Considerations… • Multi-tenancy • Varying degrees of isolation (how thick are the walls?) • Unpredictable cohabitation (do you really know your neighbors?) • Isolation Barriers • Physical vs. logical • Several vs. few • Data (Operational, Metadata, Log Data, Backups, etc.) • Ownership • Dispersal, Privacy, and Retention Laws • Complexity • Technical: technologies, integration, domain federation • Business: policies, procedures, continuity • Auditing and Compliance • Capabilities and support
  • 4. Security Principles & Cloud • Least Privilege • Restricting administrative privileges • Segregation of Duties • Consumer privileges vs. provider privileges • Compartmentalization • Controlling resource allocation/ utilization in a shared environment • Defense in Depth • Discontinuity…
  • 5. Defense in Depth: Layers
      • Across layers: Identity & Access Management; Security Governance, Risk Management, & Compliance; Security Management & Monitoring
      • Data: Database Security (online storage & backups); Content Security, Information Rights Management; Message Level Security
      • Application: Federation (SSO, Identity Propagation, Trust, …); Authentication, Authorization, Auditing (AAA); Security Assurance (coding practices)
      • Host: Platform O/S, Vulnerability Mgmt (patches), Desktop (malware protection), …
      • Internal Network: Transport Layer Security (encryption, identity)
      • Perimeter: Firewalls, network address translation, denial of service prevention, message parsing and validation, ...
      • Physical: Fences, walls, guards, locks, keys, badges, …
      • Policies, Procedures, & Awareness: Data Classification, Password Strengths, Code Reviews, Usage Policies, …
      OTN Architect Day 2011
  • 6. Security Layering and Cloud Technology Integration Private Private Public Id & Access Mgmt Cloud Cloud Cloud Data SaaS Application / Service PaaS VMs Host IaaS Internal Network Perimeter Physical Your Cloud Organization Provider Policies & Procedures SGRC Security Management & Monitoring Planning & Reconciliation
  • 7. Control Frameworks • ISO/IEC 27001:5 • NIST Recommended Security Controls for Federal Information Systems and Organizations (Pub 800-53) • COBIT • SANS 20 Critical Security Controls • Cloud Security Alliance Cloud Controls Matrix
  • 8. NIST Security Controls
      • Technical: Access Control; Audit & Accountability; Identification & Authentication; System & Communications Protection
      • Operational: Awareness & Training; Configuration Management; Contingency Planning; Incident Response; Maintenance; Media Protection; Physical & Environmental Protection; Personnel Security; System & Information Integrity
      • Management: Security Assessment & Authorization; Planning; Risk Assessment; System & Services Acquisition; Program Management
  • 9. Exposure, Control, & Risk • Exposure • Public access to applications, services, platforms, & data • Administrative access Threat Categories • Data traversing unprotected networks • Reliance on isolation implementation(s) • Control (or delegation thereof) • Physical, managerial, operational • Functional and non-functional capabilities • Compliance • Search and seizure • Quantitative Risk = threat probability * magnitude of loss • Relative risk = RiskIT / RiskCloud
  • 10. Service & Deployment Models
      • Service Models: IaaS; PaaS; SaaS
      • Deployment Models: Private operated, & managed; Private, partner-operated & managed; Private, partner-located, operated & managed; Remote dedicated / leased; Public, shared
      • Diagram annotations: Exposure; Control; "Dependent upon internal controls"; "Dependent upon Cloud provider and internal compensating controls"
  • 11. Agenda • Cloud Security Considerations • Consumer Strategies o Security Governance, Risk Management, & Compliance (SGRC) o Usage Strategies o Identity & Access Management (IAM) • Provider Strategies
  • 12. SGRC Strategy • How will Cloud providers be assessed for risk? • Who will evaluate assessments and have authority to grant approvals? • What compliance issues are pertinent to the use of Cloud? (Compliance with all government, industry, and internal policies and regulations.) • Who will review issues related to compliance and have authority to grant approvals? • Under what circumstances might a Cloud be used without a formal assessment and compliance review? • What governance processes will be established/used to properly evaluate a Cloud provider for all aspects of security (including business continuity)? • What governance processes will be established/used to actively monitor and audit access to, and usage of, company assets in a Cloud environment? • …
  • 13. Usage Strategy • How the cloud will be used • Development & test vs. production • Internet access vs. private / VPN • Public content vs. sensitive information • …
  • 14. Public Cloud, Public Access Point Internet Internet Users Users (Employees) (General Public) Intranet Users Intranet-Based Public-Facing Web Apps Web Apps (Internal DMZ) (Cloud DMZ) Non-Critical Business-Critical Systems, Systems & Public-Facing Sensitive Data VPN Content IAM Internal IT / Private Cloud Public Cloud (PaaS, IaaS) • Cloud is used to serve up public content • Sensitive data and monetized transactions are handled internally
  • 15. Dedicated Datacenter Extension Internet Users Intranet Users Intranet-Based Web Apps (DMZ) Company-Owned Provider-Owned Infrastructure, IaaS/PaaS with Platforms & Software VPN Company Software IAM Internal IT / Private Cloud Dedicated Cloud (PaaS, IaaS) • Cloud is used to extend the capacity of IT • Private access to dedicated resources
  • 16. Public Cloud for Commodity Computing Internet Users Intranet Users Custom Web Apps, Commodity Company Portals Web Apps (Internal DMZ) (Cloud DMZ) Custom-Built, Commodity Business- Applications Differentiating & Services Systems IAM IAM Internal IT / Private Cloud Public Cloud (SaaS) • SaaS providers used for commodity computing needs • Access most often via common Internet connectivity
  • 17. Private Cloud, Standardization & Consolidation Support IT-Managed IaaS/PaaS Sales Private Cloud Finance Internal IT Private Cloud Migration Public Cloud (XaaS) • Private cloud offers an efficient alternative • Migration to cloud based on evaluation of projects in pipeline • Decision on public or private based on evaluation criteria
  • 18. Identity and Access Management Strategy • How will management be accomplished without compromising existing IAM capabilities (standardized provisioning, approval, integration, audit, attestation, and analysis) • Centralized • Distributed • Federated • Synchronized • Replicated • …
  • 19. Anonymous & Personalized Public Cloud Users Login Redirect / Login Secure Anonymous Systems & Applications, Sensitive Data Public Content Personalized AuthN AuthZ User Id Applications and Content Credentials, Roles, Attributes, Policies Identity & Access Management Internal IT / Private Cloud Public Cloud • Nothing in the cloud performs access control • Identity is used for non-security purposes (personalization, etc.)
  • 20. Centralized IAM Users Login, Access Internal Applications, Private Clouds Network-Isolated IaaS/PaaS VPN AuthN AuthZ Public Cloud Credentials, Roles, Attributes, Policies Network-Isolated VPN Identity & Access Management IaaS/PaaS Internal IT / Private Cloud Public Cloud • Identity management and security services are centrally deployed • Cloud applications access centralized security services
  • 21. Access Control with Vouched Identity Users Login Access SAML, OpenID Standalone SSO & Internal Applications Applications w/ RBAC, ABAC AuthN AuthZ AuthZ Credentials, Roles, Application Attributes, Policies Access Policies Identity & Access Management Access Policy Management Internal IT / Private Cloud Public Cloud • Users are authenticated by internal authentication services • Identity is securely propagated to enable authorization decisions in the cloud
  • 22. Standalone Synchronized IAM Users Login Login Standalone Internal Cloud-based Applications Applications AuthN AuthZ AuthN AuthZ Credentials, Roles, Credentials, Roles, Attributes, Policies Attributes, Policies Identity & Access Management sync Identity & Access Management Internal IT / Private Cloud Public Cloud • Users are authenticated in multiple places • Identity data is synchronized across multiple locations via manual or automated processes
  • 23. Federated IAM Users Login Access HTTP, SOAP Standalone Internal Cloud-based Applications Applications WS-Trust, WS-Fed AuthN AuthZ STS STS AuthN AuthZ Credentials, Roles, Id SAML Svc Credentials, Roles, Attributes, Policies Prov Prov Attributes, Policies Identity & Access Management sync Identity & Access Management Internal IT / Private Cloud Public Cloud • Federated identities may be mapped to cloud-based groups or roles • Synchronization becomes less critical due to abstraction
  • 24. Brokered Identity Management Users Register & Manage Login Access Brokered Identity Customer-facing Management System Applications Internal IT / Private Cloud Credentials, Id Prov OpenID Attributes 3rd Party Identity Provider Cloud-based Applications Public Cloud • Brokered identity management relies on a trusted 3rd party to manage identities • Clouds, and optionally internal IT, may elect not to manage identities at all
  • 25. Agenda • Cloud Security Considerations • Consumer Strategies • Provider Strategies
  • 26. Provider Strategy • Velocity & Scale: Standardization & Governance • Minimal process deviation; enables automation • Default secure configurations • Common security services • Processes that automate the proper behavior • Domain Strategy • Group resources together appropriately and consistently apply the proper degree of security controls • Multi-tenancy Strategy • Defines how tenants will share resources securely • Cohabitation Strategy • Which tenants “belong together”
  • 27. Service Model Domains All Users IaaS PaaS SaaS Cloud Domain Cloud Domain Cloud Domain Cloud Security & Management Public Cloud • Group tenants by service model • Rationale: similar services have similar configurations and security requirements • Similar services share the same access patterns
  • 28. Network Tier Cloud Domains Web Tier Cloud Domain Dev / Test Private Cloud Apps & Services Partner Apps Cloud Domain Cloud Domain Dev / Test Public Cloud Data Tier BI / DW Cloud Domain Cloud Domain Dev / Test Environments Production Environment Cloud • Group tenants by network tier • Rationale: maintain network-level security controls using existing network infrastructure
  • 29. Tenant Group-Based Domains All Users Group 1 Group 2 Group n Cloud Domain Cloud Domain Cloud Domain … Cloud Security & Management Public Cloud • Each group has dedicated resources with network isolation • Groups may reflect common data sensitivity, compliance, SLA requirements, etc.
  • 30. Dedicated Access Domains Tenant 1 Tenant 2 Tenant n Private Network Private Network Private Network VPN VPN VPN Tenant 1 Tenant 2 Tenant n Cloud Domain Cloud Domain Cloud Domain … Cloud Security & Management Public Cloud • Tenant-based domains with VPN access • Share-nothing, greatest isolation, greatest cost
  • 31. Multi-Tenancy Strategy • Shared everything • Shared Infrastructure • Virtual Machines • O/S virtualization • Shared Nothing
  • 32. Shared Everything Tenant A Shared Tenant B Application Shared Tenant C Schema Shared Security Services & IAM • Common SaaS model for maximum economy of scale • Application must provide isolation • Data from multiple tenants is stored in the same database tables • Highest (relative) risk due to least control, greatest exposure
  • 33. Shared Infrastructure: Virtual Machines Tenant A Virtual Environment A Apps Data Hypervisor Tenant B Virtual Environment B Apps Data Tenant C Virtual Environment C Apps Data Shared Infrastructure Shared Security Services & IAM • Each tenant has their own virtual environment • Isolation provided by hypervisor • Resource contention depends on VM capability and configuration • Adds an additional layer and processes to run and manage
  • 34. Shared Infrastructure: OS Virtualization Resources Tenant A Zone 1 Operating System • Processes & Memory • Disks & Filesystems • NICs & IP Addresses • … Tenant B Zone 2 Controls • Max share of CPU • Max memory usage • Max network bandwidth Tenant C Zone 3 • … Shared Infrastructure Shared Security Services & IAM • Each tenant has their own processing zone • Isolation provided by the operating system • Resource contention depends on zone configuration • No VMs to run and manage, no abstraction layer between app & OS
  • 35. Shared Nothing Tenant A Tenant B Tenant C Routing Application Schema Application Schema Application Schema Cluster A A Cluster B B Cluster C C IAM Partition A IAM Partition B IAM Partition C Resource Pool A Resource Pool B Resource Pool C Shared Security Services • Greatest degree of isolation, least economical
  • 36. Final Thoughts • Define and execute on a strategy • Codify your appetite for risk; CYA • Consider all aspects of security • Use a framework • Not all clouds are the same • Be aware of the risks as well as the rewards • You can delegate responsibility but you can’t delegate accountability • Visit us online at http://www.oracle.com/goto/itstrategies
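
Slide 32 states that in a shared-everything model the application must provide isolation because all tenants' data sits in the same tables. The following is an added example, not part of the original deck: a Python/sqlite3 data-access layer over one shared table, with the unscoped lookup beside the tenant-scoped form. The table, class, function and tenant names are hypothetical and the rows are constructed; call `demo()` to see the results.

```python
import sqlite3

def lookup_unscoped(conn, order_id):
    # Weak form: trusts the id alone, so any tenant's session can read any row.
    return conn.execute(
        "SELECT id, tenant_id, item FROM orders WHERE id = ?", (order_id,)
    ).fetchone()

class TenantScopedOrders:
    """Hypothetical data-access layer: every statement carries the tenant predicate."""
    def __init__(self, conn, tenant_id):
        self._conn, self._tenant_id = conn, tenant_id

    def add(self, item):
        cur = self._conn.execute(
            "INSERT INTO orders (tenant_id, item) VALUES (?, ?)",
            (self._tenant_id, item))
        return cur.lastrowid

    def get(self, order_id):
        # Hardened form: id AND tenant_id must match; another tenant's id yields None.
        return self._conn.execute(
            "SELECT id, item FROM orders WHERE id = ? AND tenant_id = ?",
            (order_id, self._tenant_id)).fetchone()

    def list_all(self):
        return self._conn.execute(
            "SELECT id, item FROM orders WHERE tenant_id = ? ORDER BY id",
            (self._tenant_id,)).fetchall()

    def delete(self, order_id):
        cur = self._conn.execute(
            "DELETE FROM orders WHERE id = ? AND tenant_id = ?",
            (order_id, self._tenant_id))
        return cur.rowcount  # 0 when the row belongs to another tenant

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY,"
                 " tenant_id TEXT NOT NULL, item TEXT NOT NULL)")
    a = TenantScopedOrders(conn, "tenant-a")
    b = TenantScopedOrders(conn, "tenant-b")
    a.add("a-invoice")                  # constructed sample rows
    b_id = b.add("b-payroll")
    return {"unscoped": lookup_unscoped(conn, b_id), "scoped": a.get(b_id),
            "a_rows": a.list_all(), "a_deletes_b": a.delete(b_id),
            "b_row": b.get(b_id)}
```

Binding the tenant identifier once, when the session's data-access object is created, keeps the predicate out of the hands of individual query authors; a single forgotten `WHERE tenant_id = ?` is what turns the shared schema into cross-tenant exposure.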