© 2012 IBM Corporation
IBM Security Systems
© 2014 IBM Corporation
5 Easy Steps to Securing
Workloads on Public Clouds
Jeff Hoy
Cloud Security Architect
IBM Security Systems, CTO Office
May 21, 2014
Please Note
IBM’s statements regarding its plans, directions, and intent are subject to change
or withdrawal without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general
product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a
commitment, promise, or legal obligation to deliver any material, code or
functionality. Information about potential future products may not be incorporated
into any contract. The development, release, and timing of any future features or
functionality described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM
benchmarks in a controlled environment. The actual throughput or performance
that any user will experience will vary depending upon many factors, including
considerations such as the amount of multiprogramming in the user’s job stream,
the I/O configuration, the storage configuration, and the workload processed.
Therefore, no assurance can be given that an individual user will achieve results
similar to those stated here.
Goals of This Webinar
1. Share our views about Cloud Security
• How cloud is changing security
• Impact to your organization
2. 5 Easy Steps to securing workloads
• Topology-based options
• Detailed examples
3. Looking forward
• Trends in cloud direction
• Emerging security capabilities
Speaker Background
About Jeff
• Cloud Security Architect
• IBM Security Systems
• CTO Team
• 12+ years with IBM
• jeffhoy@us.ibm.com
Focus Areas:
• Cloud Security Enablement
• SaaS Security
• Hybrid Cloud
• Next Generation Cloud Security
Topic: Securing the Cloud
Security in the Cloud
Security objectives reflect responsibilities when adopting Cloud

Services acquired: Software as a Service (SaaS)
Organization / buyers: CxOs (CIO, CMO, CHRO, ...)
Security responsibilities and objectives:
• Complete visibility to enterprise SaaS usage and risk profiling
• Governance of user access to SaaS and identity federation

Services acquired: Platform as a Service (PaaS)
Organization / buyers: Application teams, LOBs
Security responsibilities and objectives:
• Enable developers to compose secure cloud applications and APIs, with enhanced user experience
• Visibility and protection against fraud and application threats

Services acquired: Infrastructure as a Service (IaaS)
Organization / buyers: CIO, IT teams
Security responsibilities and objectives:
• Protect the cloud infrastructure to securely deploy workloads and meet compliance objectives
• Have full operational visibility across hybrid cloud deployments, and govern usage
Traditional perimeter based security controls …
[Diagram labels: Trusted Intranet; DMZ; Untrusted Internet; Online Banking Application; Employee Application]
Traditional perimeter based security controls …
… are changing to security centered around applications and interactions
[Diagram labels: Trusted Intranet; DMZ; Untrusted Internet; Online Banking Application; Employee Application; Investment API Services; Apps, APIs, Services; Build and Deliver Apps, Services (PaaS); Consume Apps and Services (SaaS); Leverage Public Clouds (IaaS)]
Cloud Security Capabilities
We see three sets of capabilities to help adopt cloud with confidence
• Identity: Manage identities and govern user access
• Protection: Protect infrastructure, applications, and data from threats
• Insight: Auditable intelligence on cloud access, activity, cost and compliance
IaaS: Securing infrastructure and workloads
SaaS: Secure usage of business applications
PaaS: Secure service composition and apps
Bluemix
How will complex environments evolve for your organization?
Topic: 5 Easy Steps
5 Easy Steps
to Securing Workloads
on Public Clouds
Step #1: Basic Security Enablement
Traditional on-premise: IPS, Visibility, Data Security, Scanning, TLS, Firewalls, SOA Appliance, Endpoint Mgmt, User Admin
Public cloud-based: IPS, Visibility, Data Security, Scanning, TLS, Firewalls, SOA Appliance, Endpoint Mgmt, User Admin
Same principles apply
Example #1: Securing Workloads on Cloud Infrastructure (IaaS)
Enterprise Roles: Cloud Admins, Security Team, Application Team
• Provision secure cloud infrastructure
• Configure application centric security policies
• Monitor & manage security posture
Service users: Securely Access Cloud services
[Diagram labels: User Access; Customer Application; Network Protection; Security Intelligence; Data Security]
Step #2: Pattern-Based Security
[Diagram labels: IPS; Data Security; Scanning; TLS; Firewalls; SOA Appliance; Endpoint Mgmt; Visibility; System Template; Pattern Engine; Preconfigured Systems; Customize]
Example #2: Secure Image Deployment
Virtual Image
• Apache HTTP Server
• WebSphere Liberty
• Banking EJB
• IBM Access Manager
• IBM Identity Manager
• Restrictive Firewalls
• Endpoint Manager
• Disk encryption
• Credential Vault
Deploy Images
Update Images
• IP Address
• Hostname
• Credentials, etc
Production System
Step #3: Automation-Enabled Pattern & Policy-driven Approaches
Shared Security Services
REST APIs
• Identity as a Service
• Log Management & Audit
• App and Vulnerability Testing
Security Policy Management for Cloud
Example #3: Pattern-Based Access Management
[Diagram labels: Security Web Gateway; Web Application; numbered callouts 1 to 10]
Environment Components
1. QRadar vSys Pattern
2. External ISAM Appliance
3. ISAM Log Integration
4. WebSEAL Reverse Proxy
5. Application vSys Pattern
6. Application TAI + Junction
7. Consolidated Log Backup
8. SQL Injection Attack
9. Application Response
10. QRadar threat console
Step #4: Integrated Intelligence across Hybrid Cloud
Ceilometer
Usage / Performance Monitoring + Auditing
“Datastores”
Core API Layer
“Filter” audits all OpenStack API calls
CADF
AWS CloudTrail
OpenStack Audit (CADF)
Workloads deployed in private virtual environments
Public Cloud Services
Example #4: Security Intelligence for Virtual Infrastructure
Business challenge:
• Improved security and visibility into virtual infrastructures
• Better visibility into logs coming from their sensors across the environment
• Support ad hoc search across large data
Solution:
• Scales to large volumes
• User friendly reporting
• Quick search and review of logs
• Reasonable cost of ownership
Security Intelligence for Hybrid Cloud
[Diagram labels: SaaS applications; Infrastructure as a Service; Virtualized data center]
Step #5: Leverage Security SaaS
Administrator / app owner
End users
Shared Security Services (Security from the Cloud)
REST APIs
• Identity as a Service
• Log Management & Audit
• App and Vulnerability Testing
• API enable and stand up key products as shared cloud services
• Multi-tenancy
Example #5: SaaS Security Usage in Your Environment
Topic: Looking Forward
Cloud Security Trends
Security Across the Cloud DevOps lifecycle
Application Security Management: Inventory assets; Assess business impact; Measure status & progress; Prioritize vulnerabilities; Determine compliance
[Diagram labels: DEV; OPS; Dynamic Analysis; Interactive Analysis; Mobile App Analysis; Static Analysis; Database monitoring; Security Intelligence; SIEM; Network Activity Monitoring; Vulnerability Mgmt; Log Mgmt; Network Protection; Fraud Protection]
Products: AppScan, QRadar, Guardium, SiteProtector / IPS, Trusteer
Cloud Application Zone Active Protection – Typical Scenario
Migrating Online Application to off-premise cloud
[Diagram labels: Traditional Data Center; DMZ; Trusted Intranet; Online Banking Application; End Users; Domain Specialized Developer; Infrastructure Operations; Security & Compliance Manager]
Cloud Application Zone Active Protection - Solution Overview
[Diagram labels, numbered 1 to 4 on the slide: Config & Automation; Deploy App; Provision workload and security components; Secure Application; Access Application; Online Banking App Workload Box (Web, App, DB); IBM Access Manager; IBM QRadar SIEM]
Demo Available - User Access Management, Web Application Protection, Log Management, Security Intelligence
Cloud ready data security and privacy on the cloud
Business Challenge:
Data is…
• Leaving the data center
• Stored on shared drives and cloud infrastructure
• Hosted by 3rd party
• Managed by 3rd party
Solution:
• Data security as a virtual appliance deployed on the Cloud
• Data activity monitoring across hybrid clouds – virtualized and public clouds
• Provides vulnerability assessments of data systems
• Encrypts and masks sensitive data when used by privileged users
[Diagram labels: IBM InfoSphere Guardium; Data Protection; Virtualized data center; Encryption; Masking; Activity Monitoring; Vulnerability Assessment; Structured & Unstructured Data]
IBM leads with enterprise-grade cloud security
Today Announcements
Delivering security from the cloud:
Solutions to protect cloud workloads:
• Identity-as-a-Service beta for the IBM Cloud Platform
• Security Optimization & Threat Monitoring
• QRadar optimizations for cloud
• Enhanced Virtual Threat Protection
Summary
1. Cloud creates opportunities for enhanced security
2. 5 Easy steps to securing workloads
   1. Basic Enablement
   2. Pattern-Based Security
   3. Automated Integration
   4. Hybrid Cloud Security
   5. Leveraging SaaS
3. Going forward
• Direction of the cloud
• Emerging security capabilities
Key Cloud Resources
IBM Best Cloud Computing Security
IBM Research and Papers
• Special research concentration in cloud security, including White Papers, Redbooks, Solution Brief – Cloud Security
IBM X-Force
• Proactive counter intelligence and public education http://www-03.ibm.com/security/xforce/
IBM Institute for Advanced Security
• Cloud Security Zone and Blog (Link)
Customer Case Study
• EXA Corporation creates a secure and resilient private cloud (Link)
Collateral Sales Support:
• NEW IBM Cloud Security Strategy and Community connections page (Link)
• NEW Internal IBM SWG Sellers Workplace – Cloud Security Collateral - (Link)
• SmartCloud Security Solutions Sales Kit – (Link)
Other Links:
• IBM Media series – SEI Cloud Security (Link)
• External IBM.COM : IBM Security Solutions (Link)
• External IBM.COM : IBM SmartCloud – security (Link)
• IBM SmartCloud security video (Link)
Questions?
We Value Your Feedback!
Backup
Intelligent Security for the Cloud
Insight: Establish intelligence across enterprise and cloud
• QRadar SIEM
• QRadar Log Manager
• QRadar Forensics
Protection: Protect data, applications and infrastructure from threats and risks
Data & Application
• IBM InfoSphere Guardium
• IBM Security AppScan
• IBM WebSphere DataPower
Infrastructure
• IBM Security Network Protection
• IBM Security Trusteer
• IBM Endpoint Manager
Identity: Manage users and their access to cloud
• Identity Service - Beta
• IBM Security Access Manager
• IBM Security Privileged Identity Manager
AppScan Service & APIs from Bluemix
• AppScan Mobile Analyzer
– Ability to upload Android APKs to the cloud for an IAST (interactive application security scan)
  • Service available through the BlueMix catalog
  • Upload an APK and receive a security PDF report
  • Public APIs to integrate to 3rd party
  • Environment deployed on SoftLayer
• AppScan DAST on BlueMix
– Run a DAST scan on web application deployed on BlueMix
  • Service available through the BlueMix catalog
  • Almost zero configuration (User Name/Password)
  • Public APIs to integrate to 3rd party
  • Environment deployed on SoftLayer
Cloud software delivery as virtual appliances
Security Software
Security capabilities as virtual appliances. They should be available as shared services through APIs.
Delivering security capabilities as virtual appliances will enable
- Security enforcement ‘near’ workloads and in software defined environments
- Protection within on-premise virtual environments or hosted clouds
Applications require easy-to-use, API-based services
Administrator / app owner
End users
Shared Security Services (Security from the Cloud)
REST APIs
• Identity as a Service
• Log Management & Audit
• App and Vulnerability Testing
• API enable and stand up key products as shared cloud services
• Multi-tenancy
Demo Scenario - Visibility to hybrid cloud application
[Diagram labels: DMZ; Trusted Intranet; Jane; Andrew; Fred; Customers; Public Cloud Services; Private Cloud Services; Provision infrastructure; Deploy App; Access App; Monitor Usage & Security of the Environments; Reverse Proxy; Load balance; Gateway; Cloudburst]

TeamStation AI System Report LATAM IT Salaries 2024
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 

5 Easy Steps to Securing Workloads on Public Clouds

  • 1. © 2012 IBM Corporation IBM Security Systems 1© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds Jeff Hoy Cloud Security Architect IBM Security Systems, CTO Office May 21, 2014
  • 2. Please Note: IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
  • 3. Goals of This Webinar: (1) Share our views about Cloud Security: how cloud is changing security; impact to your organization. (2) 5 Easy Steps to securing workloads: topology-based options; detailed examples. (3) Looking forward: trends in cloud direction; emerging security capabilities.
  • 4. Speaker Background. About Jeff: Cloud Security Architect; IBM Security Systems; CTO Team; 12+ years with IBM; jeffhoy@us.ibm.com. Focus Areas: Cloud Security Enablement; SaaS Security; Hybrid Cloud; Next Generation Cloud Security.
  • 5. Topic: Securing the Cloud. Security in the Cloud.
  • 6. Security objectives reflect responsibilities when adopting Cloud. Table columns: Services Acquired; Organization / Buyers; Security Responsibilities and Objectives.
      - Software as a Service (SaaS). Organization / Buyers: CxOs (CIO, CMO, CHRO, ...). Security Responsibilities and Objectives: complete visibility to enterprise SaaS usage and risk profiling; governance of user access to SaaS and identity federation.
      - Platform as a Service (PaaS). Organization / Buyers: Application teams, LOBs. Security Responsibilities and Objectives: enable developers to compose secure cloud applications and APIs, with enhanced user experience; visibility and protection against fraud and applications threats.
      - Infrastructure as a Service (IaaS). Organization / Buyers: CIO, IT teams. Security Responsibilities and Objectives: protect the cloud infrastructure to securely deploy workloads and meet compliance objectives; have full operational visibility across hybrid cloud deployments, and govern usage.
  • 7. Traditional perimeter based security controls … Diagram labels: Trusted Intranet; Online Banking Application; Employee Application; DMZ; Untrusted Internet.
  • 8. Traditional perimeter based security controls … are changing to security centered around applications and interactions. Diagram labels: Online Banking Application; Investment API Services; Employee Application; Build and Deliver Apps, Services (PaaS); Consume Apps and Services (SaaS); Leverage Public Clouds (IaaS); Trusted Intranet; DMZ; Untrusted Internet; Apps, APIs, Services.
  • 9. We see three sets of capabilities to help adopt cloud with confidence. Cloud Security Capabilities: Identity (manage identities and govern user access); Protection (protect infrastructure, applications, and data from threats); Insight (auditable intelligence on cloud access, activity, cost and compliance). IaaS: Securing infrastructure and workloads. SaaS: Secure usage of business applications. PaaS: Secure service composition and apps. Diagram label: Bluemix.
  • 10. How will complex environments evolve for your organization?
  • 11. Topic: 5 Easy Steps. 5 Easy Steps to Securing Workloads on Public Clouds.
  • 12. Step #1: Basic Security Enablement. Traditional on-premise: IPS; Visibility; Data Security; Scanning; TLS; Firewalls; SOA Appliance; Endpoint Mgmt; User Admin. Public cloud-based: IPS; Data Security; Scanning; TLS; Firewalls; SOA Appliance; Endpoint Mgmt; User Admin; Visibility. Same principles apply.
  • 13. Example #1: Securing Workloads on Cloud Infrastructure (IaaS). Diagram labels: Monitor & manage security posture; Configure application centric security policies; Provision secure cloud infrastructure; User Access; Customer Application; Network Protection; Cloud Admins; Security Team; Application Team; Enterprise Roles; Service users; Securely Access Cloud services; Security Intelligence; Data Security.
  • 14. Step #2: Pattern-Based Security. Components: IPS; Data Security; Scanning; TLS; Firewalls; SOA Appliance; Endpoint Mgmt; Visibility. Diagram labels: System Template; Pattern Engine; Preconfigured Systems; Customize.
  • 15. Example #2: Secure Image Deployment. Virtual Image: Apache HTTP Server; WebSphere Liberty; Banking EJB; IBM Access Manager; IBM Identity Manager; Restrictive Firewalls; Endpoint Manager; Disk encryption; Credential Vault. Deploy Images. Update Images: IP Address; Hostname; Credentials, etc. Production System.
  • 16. Step #3: Automation-Enabled Pattern & Policy-driven Approaches. Shared Security Services, REST APIs: Identity as a Service; Log Management & Audit; App and Vulnerability Testing. Security Policy Management for Cloud.
  • 17. Example #3: Pattern-Based Access Management. Diagram labels: Security Web Gateway; Web Application. Environment Components: 1. QRadar vSys Pattern 2. External ISAM Appliance 3. ISAM Log Integration 4. WebSEAL Reverse Proxy 5. Application vSys Pattern 6. Application TAI + Junction 7. Consolidated Logbackup 8. SQL Injection Attack 9. Application Response 10. QRadar threat console.
  • 18. Step #4: Integrated Intelligence across Hybrid Cloud. Diagram labels: Ceilometer; Usage / Performance Monitoring + Auditing; “Datastores”; Core API Layer; “Filter” audits all OpenStack API calls; CADF; AWS CloudTrail; OpenStack Audit (CADF); Workloads deployed in private virtual Environments; Public Cloud Services.
  • 19. Example #4: Security Intelligence for Virtual Infrastructure. Business challenge: improved security and visibility into virtual Infrastructures; better visibility into logs coming from their sensors across the environment; support ad hoc search across large data. Solution: scales to large volumes; user friendly reporting; quick search and review of logs; reasonable cost of ownership. Diagram labels: Security Intelligence for Hybrid Cloud; SaaS applications; Infrastructure as a Service; Virtualized data center.
  • 20. Step #5: Leverage Security SaaS. Diagram labels: Administrator / app owner; End users. Shared Security Services (Security from the Cloud), REST APIs: Identity as a Service; Log Management & Audit; App and Vulnerability Testing. API enable and standup key products as shared cloud services. Multi-tenancy.
  • 21. Example #5: SaaS Security Usage in Your Environment.
  • 22. Topic: Looking Forward. Cloud Security Trends.
  • 23. Security Across the Cloud DevOps lifecycle. Diagram labels: Dynamic Analysis; Interactive Analysis; Mobile App Analysis; Static Analysis; Application Security Management (Inventory assets; Assess business impact; Measure status & progress; Prioritize vulnerabilities; Determine compliance); DEV; OPS; Dynamic Analysis; Database monitoring; Security Intelligence; SIEM; Network Activity Monitoring; Vulnerability Mgmt; Log Mgmt; Network Protection; Fraud Protection. Products: AppScan; QRadar; Guardium; SiteProtector / IPS; Trusteer.
  • 24. Cloud Application Zone Active Protection – Typical Scenario. Migrating Online Application to off-premise cloud. Diagram labels: DMZ; Trusted Intranet; Online Banking Application; Traditional Data Center; End Users; Domain Specialized Developer; Infrastructure Operations; Security & Compliance Manager.
  • 25. Cloud Application Zone Active Protection - Solution Overview. Diagram labels: Access Application; Deploy App; Provision workload and security components; Online Banking App; Workload Box; IBM Access Manager; IBM QRadar SIEM; Web App; DB; Config & Automation; Secure Application. Demo Available - User Access Management, Web Application Protection, Log Management, Security Intelligence.
  • 26. Cloud ready data security and privacy on the cloud. Data Protection. Business Challenge: Data is… leaving the data center; stored on shared drives and cloud infrastructure; hosted by 3rd party; managed by 3rd party. Solution: data security as a virtual appliance deployed on the Cloud; data activity monitoring across hybrid clouds – virtualized and public clouds; provides vulnerability assessments of data systems; encrypts and masks sensitive data when used by privileged users. Diagram labels: Virtualized data center; IBM InfoSphere Guardium; Encryption; Masking (123 XJE); Activity Monitoring; Vulnerability Assessment; Structured & Unstructured Data.
  • 27. IBM leads with enterprise-grade cloud security. Today; Announcements. Delivering security from the cloud; Solutions to protect cloud workloads. Items: Identity-as-a-Service beta for the IBM Cloud Platform; Security Optimization & Threat Monitoring; QRadar optimizations for cloud; Enhanced Virtual Threat Protection.
  • 28. Summary: (1) Cloud creates opportunities for enhanced security. (2) 5 Easy steps to securing workloads: 1. Basic Enablement 2. Pattern-Based Security 3. Automated Integration 4. Hybrid Cloud Security 5. Leveraging SaaS. (3) Going forward: direction of the cloud; emerging security capabilities.
  • 29. Key Cloud Resources. IBM Best Cloud Computing Security.
      - IBM Research and Papers: Special research concentration in cloud security, including white Papers, Redbooks, Solution Brief – Cloud Security
      - IBM X-Force: Proactive counter intelligence and public education http://www-03.ibm.com/security/xforce/
      - IBM Institute for Advanced Security: Cloud Security Zone and Blog (Link)
      - Customer Case Study: EXA Corporation creates a secure and resilient private cloud (Link)
      - Collateral Sales Support: NEW IBM Cloud Security Strategy and Community connections page (Link); NEW Internal IBM SWG Sellers Workplace – Cloud Security Collateral (Link); SmartCloud Security Solutions Sales Kit (Link)
      - Other Links: IBM Media series – SEI Cloud Security (Link); External IBM.COM: IBM Security Solutions (Link); External IBM.COM: IBM SmartCloud – security (Link); IBM SmartCloud security video (Link)
  • 30. Questions? We Value Your Feedback!
  • 31. Backup
  • 32. Intelligent Security for the Cloud. Insight (establish intelligence across enterprise and cloud): QRadar SIEM; QRadar Log Manager; QRadar Forensics. Protection (protect data, applications and infrastructure from threats and risks): Data & Application: IBM InfoSphere Guardium; IBM Security AppScan; IBM WebSphere DataPower. Infrastructure: IBM Security Network Protection; IBM Security Trusteer; IBM Endpoint Manager. Identity (manage users and their access to cloud): Identity Service - Beta; IBM Security Access Manager; IBM Security Privileged Identity Manager.
  • 33. AppScan Service & APIs from Bluemix. AppScan Mobile Analyzer – Ability to upload Android APKs to the cloud for an IAST (interactive application security scan): service available through the BlueMix catalog; upload an APK and receive a security PDF report; public APIs to integrate to 3rd party; environment deployed on SoftLayer. AppScan DAST on BlueMix – Run a DAST scan on web application deployed on BlueMix: service available through the BlueMix catalog; almost zero configuration (User Name/Password); public APIs to integrate to 3rd party; environment deployed on SoftLayer.
  • 34. Cloud software delivery as virtual appliances. Security Software. Security capabilities as virtual appliances. They should be available as shared services through APIs. Delivering security capabilities as virtual appliances will enable: security enforcement ‘near’ workloads and in software defined environments; protection within on-premise virtual environments or hosted clouds.
  • 35. Applications require easy-to-use, API-based services. Diagram labels: Administrator / app owner; End users. Shared Security Services (Security from the Cloud), REST APIs: Identity as a Service; Log Management & Audit; App and Vulnerability Testing. API enable and standup key products as shared cloud services. Multi-tenancy.
  • 36. Demo Scenario - Visibility to hybrid cloud application. Diagram labels: DMZ; Trusted Intranet; Jane; Andrew; Fred; Customers; Public Cloud Services; Private Cloud Services; Provision infrastructure; Deploy App; Monitor Usage & Security of the Environments; Access App; Reverse Proxy; Load balance; Gateway; Cloudburst.