Jirasek Consulting Services
Classification: Public 1
Supporting Business Agility
Secure your cloud applications by building solid foundations with enterprise (security) architecture
Vladimir Jirasek, Managing director
Jirasek Consulting Services
&
Research Director, Cloud Security Alliance, UK chapter
About me
• MBA (MSc) degree
• 20 years of experience in IT
• 13 years of experience in InfoSec
• Worked in various companies in diverse sectors
• Engaged in security organisations and projects such as CAMM and CSA
• Technical editor of a cloud security book
• Presents at security and IT conferences
Agenda
• Enterprise architecture crash course
• Security architecture overview
• Cloud security models
• Governance in Cloud
• Data security in Cloud
• Identity and Access in Cloud
ENTERPRISE ARCHITECTURE
What is Enterprise Architecture
Enterprise architecture (EA) is the
process of translating business vision
and strategy into effective enterprise
change by creating, communicating
and improving the key requirements,
principles and models that describe
the enterprise's future state and
enable its evolution.
Wikipedia
Common sense to ensure everyone in
a company is pulling in one direction,
maximising ROI, reducing waste,
increasing efficiency, effectiveness,
agility, maintaining strategic focus and
delivering tactical solutions.
Vladimir Jirasek
Enterprise architecture is about strategy, not
about engineering.
Gartner
EA is a business support function
(Diagram: where EA should be discussed in the organisation versus where it is commonly discussed.)
EA frameworks
Source: http://msdn.microsoft.com/en-us/library/bb466232.aspx
One of the most used architecture
frameworks: TOGAF
ENTERPRISE SECURITY
ARCHITECTURE
Security model – business drives security
(Diagram, reconstructed from the slide's labels:)
• Inputs: business objectives, compliance requirements, laws & regulations, business impact, business & information risks, security threats, international security standards, security intelligence, external security metrics
• Policy framework (defined from the inputs): Information Security policies, Information Security standards, Information Security guidelines
• Security management (mandated by the policy framework): people (line management, auditors, security management, risk & compliance, governance, product management, program management, assurance, security services, security professionals, IT GRC), processes (Information Security processes) and technology (security services); it defines the security controls and executes them
• Metrics framework (measures security management): Information Security metrics objectives, measure security maturity, informed by external security metrics
• Feedback loops: correction of security processes; update business requirements
Security architecture domains
• The security architect works across all domains
• Is a stakeholder in EA
• Works with the domain architects (depends on the size of the organisation)
Cloud model maps to Security model
(Diagram: the layers of the cloud model map directly onto the domains of the security model.)
Responsibilities for areas in the security model compared to delivery models
(Matrix: each security area is marked as provider responsible or customer responsible for IaaS, PaaS and SaaS. Responsibility shifts from the customer to the provider as you move from IaaS through PaaS to SaaS; accountability for the data and for GRC stays with the customer whatever the model.)
Security areas in the matrix:
• Physical security
• Network security
• Host security
• Application security
• Data security
• SIEM
• Identity, Access
• Cryptography
• Business continuity
• GRC
Present time versus future
• Present time: Should data security be on CIOs' agendas? Why only the CIO's? Not many security breaches so far. Why?
• Future: public Cloud will become targeted as more enterprises rely on it
• Mandatory reading!
(Timeline diagram labels: Cloud provider reputation/costs; your company reputation/costs; consolidation of Cloud providers; cost savings in enterprises; PaaS/SaaS, SaaS, SaaS.)
CLOUD DEPLOYMENT
GOVERNANCE
Governance related to Cloud
• Setting company policy
for Cloud computing
• Risk based decision
which Cloud provider, if
any, to engage
• Assigning
responsibilities for
enforcing and monitoring
of the policy compliance
• Set corrective actions for
non-compliance
Cloud governance::Policy
• Cloud is typically adopted by
a) IT directors – managed relatively consistently and mostly [I|P]aaS
b) Business managers – less governance; typically SaaS
• Policy should state: It is a policy of …. to manage the usage of external Cloud computing services, taking into account risks to business processes and legal and regulatory compliance when using external Cloud services. The CIO is responsible for creating and communicating the external Cloud computing strategy and standards.
Cloud standard structure
• General statements
– Governance requirements for Cloud
– Enterprise architecture to be ready for Cloud, with Cloud services able to plug in (IAM, SIEM, data architecture, forensics)
– Discovery of Cloud service use
• Before a Cloud project
– Cloud service to comply with the data classification
– Encrypt all sensitive data in the Cloud
– Link Identity and Access management (AAA) to the Cloud service
• During a Cloud project
– Due diligence to be performed
– Do not forget the “right to audit”
– Know the locations of PII
– Assess availability (SLA and DR) of the Cloud provider
– Assess the Cloud provider’s security controls
– Assess the potential for forensic investigation by the company’s own team
• Running a Cloud service
– Limit use of live data for development and testing
– Monitor the Cloud provider’s security controls
– Link the company’s SIEM with the Cloud provider and monitor for incidents
• Moving out of the Cloud
– Data cleansing
– Data portability
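The “Discovery of Cloud service use” item is where a Cloud standard first meets technical reality: you cannot classify, encrypt or monitor a service nobody has told you about, and the business-manager-driven SaaS adoption described on the policy slide rarely goes through IT. The following is an added example in Go, not code from the original deck: it parses constructed proxy log lines and aggregates which users reach which cloud services and how much data moves. The service catalogue, the log format and all user and host names are assumptions for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Hypothetical catalogue of cloud service domains (an assumption for this
// example); a real deployment would load it from a CASB or a maintained feed.
var cloudServices = map[string]string{
	"salesforce.com":   "Salesforce (SaaS CRM)",
	"mail.google.com":  "Gmail (SaaS)",
	"dropbox.com":      "Dropbox (SaaS storage)",
	"amazonaws.com":    "Amazon AWS (IaaS)",
	"core.windows.net": "Azure storage (PaaS)",
}

// Constructed proxy log sample, one "epoch user dest-host bytes" per line.
// The last line is deliberately malformed to show the parser skipping it.
const sampleProxyLog = `1333000001 alice login.salesforce.com 5120
1333000002 bob www.example.org 800
1333000003 alice mail.google.com 2048
1333000004 carol files.dropbox.com 10485760
1333000005 dave s3.eu-west-1.amazonaws.com 20971520
1333000006 bob files.dropbox.com 4096
1333000007 erin intranet.corp.local 300
garbage line`

// classify returns the catalogue name whose domain equals host or is a
// suffix of it on a label boundary, so "evilsalesforce.com" does not match.
func classify(host string) string {
	host = strings.ToLower(host)
	for domain, name := range cloudServices {
		if host == domain || strings.HasSuffix(host, "."+domain) {
			return name
		}
	}
	return ""
}

// ServiceUsage aggregates the users seen on a service and the bytes moved.
type ServiceUsage struct {
	Users map[string]bool
	Bytes int64
}

// DiscoverCloudUse parses the log text and aggregates per cloud service.
// Malformed lines are skipped rather than aborting the whole run.
func DiscoverCloudUse(log string) map[string]*ServiceUsage {
	found := map[string]*ServiceUsage{}
	for _, line := range strings.Split(log, "\n") {
		f := strings.Fields(line)
		if len(f) < 4 {
			continue
		}
		user, host := f[1], f[2]
		n, err := strconv.ParseInt(f[3], 10, 64)
		if err != nil {
			continue
		}
		name := classify(host)
		if name == "" {
			continue // not a known cloud service: ignore
		}
		u, ok := found[name]
		if !ok {
			u = &ServiceUsage{Users: map[string]bool{}}
			found[name] = u
		}
		u.Users[user] = true
		u.Bytes += n
	}
	return found
}

func main() {
	usage := DiscoverCloudUse(sampleProxyLog)
	names := make([]string, 0, len(usage))
	for n := range usage {
		names = append(names, n)
	}
	sort.Strings(names) // stable report order for humans and for diffs between runs
	for _, n := range names {
		fmt.Printf("%-24s users=%d bytes=%d\n", n, len(usage[n].Users), usage[n].Bytes)
	}
}
```

The byte counts matter as much as the user list: a single user moving tens of megabytes to a storage service is the case that needs the data-classification conversation first.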
Example:
I have 1TB of CSV files, now what?
• Customer uses a well-known CRM in the Cloud
• SaaS designed to immerse clients in a well-defined, bespoke CRM
• No known data model
• Export of data only as CSV
Tip: Portability is the key in SaaS applications. Think about leaving the Cloud provider upfront. How will you take your data, and will anything else be able to read it?
Example:
Scaling development up and down
• Large manufacturing and services company
• Requirement to support development needs with seasonal demand – an ideal case for [I|P]aaS
• Security team approached up-front to perform a review
• “Live” data not uploaded to the provider before on-site sanitising
DATA SECURITY IN CLOUD
Cloud provider: “AES-128 so it must be secure! Trust me!”
(Diagram: a secret PDF leaves the Cloud service user, travels as ciphertext, and arrives at the Cloud Service Provider.)
Just because it is encrypted does not make it secure… Look end to end.
However, not all data in the cloud is secret!
Sometimes too much encryption is bad though.
Who holds the encryption keys? Are they available when you need them? A lost key is lost data, and a key held only by the provider means the provider, or anyone who compromises it, can read the data.
Data protection options in cloud models
(Table, by layer, across Infrastructure as a Service, Platform as a Service and Software as a Service:)
• Network: network VPN (could extend to SaaS); web TLS (for IaaS operated by the customer)
• Host: encryption appliance (e.g. SafeNet ProtectV) for IaaS; provider dependent and provider operated host encryption for PaaS and SaaS
• Application: application encryption (customer retains keys); tokenisation and anonymisation
• Data: extend company file or object encryption; extend DLP or eDRM; encrypting/tokenising reverse proxy engines (e.g. CipherCloud) in front of SaaS; provider operated data/database encryption
• SIEM: extend the company SIEM (IaaS); plug in to the provider’s SIEM (PaaS, SaaS)
Example of SaaS – Use of Gmail inside and outside an organisation
• SaaS web-based application. Other standard interfaces – IMAP, POP3, SMTP, Web API
• Data in Gmail is available to anyone with proper authentication, so the strength of the authentication is the control
• TLS used on the transport layer
• Consider using a CipherCloud-like encrypting proxy, but be mindful of traffic flows with external customers: only mail that passes through the proxy is protected by it, and external recipients cannot decrypt what it encrypts
(Diagram: senders and recipients inside the company go through the proxy; external senders and recipients reach Gmail directly.)
Example of IaaS – Cloud provider offers virtual computing resources for internal application deployment
• The Cloud provider can theoretically access all data if decryption happens on the virtual machine, because the keys and the plaintext then sit in VM memory under the provider’s hypervisor! But would they?
• Use one of two possible models:
– Local crypto operations with remote key management (keys delivered to the VM from the company’s key manager/HSM over the VPN). Consider SafeNet ProtectV
– Remote crypto operations over the VPN (data sent to the company’s own crypto service) – speed penalty
(Diagram: internal users, administrators and travelling users reach the virtual servers over the intra-company VPN; data is encrypted either by local encryption operations with keys from the company key management/HSM, or by remote encryption operations at the HSM.)
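The thread running through the “AES-128 so it must be secure” slide, the “application encryption (customer retains keys)” row of the options table and the “local crypto operations with remote key management” model above is the same: what matters is not the cipher but who holds the key. The following is an added example in Go, not code from the original deck or any vendor product. It shows envelope encryption: each object is encrypted under a fresh data-encryption key (DEK), the DEK is wrapped under a key-encryption key (KEK) that models the customer’s HSM/key manager, and only the ciphertext and the wrapped DEK are ever stored at the provider. The object identifier is bound as associated data so a wrapped key cannot be moved between objects. The KEK here is a random in-memory value, which is an assumption standing in for a real HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// WrappedObject is what the provider stores: ciphertext plus the object's
// DEK wrapped under the customer's KEK. Neither opens without the KEK.
type WrappedObject struct {
	Ciphertext []byte // AES-256-GCM(DEK, plaintext), nonce prepended
	WrappedDEK []byte // AES-256-GCM(KEK, DEK), nonce prepended
}

// gcmSeal encrypts with AES-GCM under a fresh random nonce and returns nonce||ciphertext||tag.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, plaintext, aad)...), nil
}

// gcmOpen reverses gcmSeal; any change to ciphertext, tag or aad fails authentication.
func gcmOpen(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, aad)
}

// NewKEK models the key held in the customer's KMS/HSM (assumption: in a real
// deployment it never leaves that boundary; here it is 32 random bytes).
func NewKEK() ([]byte, error) {
	kek := make([]byte, 32)
	_, err := rand.Read(kek)
	return kek, err
}

// Encrypt runs on the customer side (or on a VM the customer controls): a
// fresh DEK per object, the DEK wrapped under the KEK, objectID bound as AAD.
func Encrypt(kek []byte, objectID string, plaintext []byte) (WrappedObject, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return WrappedObject{}, err
	}
	ct, err := gcmSeal(dek, plaintext, []byte(objectID))
	if err != nil {
		return WrappedObject{}, err
	}
	wdek, err := gcmSeal(kek, dek, []byte(objectID))
	if err != nil {
		return WrappedObject{}, err
	}
	return WrappedObject{Ciphertext: ct, WrappedDEK: wdek}, nil
}

// Decrypt needs the KEK: whoever holds it (the customer's HSM, or the provider
// if the provider generated and keeps the key) can read every object.
func Decrypt(kek []byte, objectID string, obj WrappedObject) ([]byte, error) {
	dek, err := gcmOpen(kek, obj.WrappedDEK, []byte(objectID))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return gcmOpen(dek, obj.Ciphertext, []byte(objectID))
}

func main() {
	kek, _ := NewKEK()
	obj, _ := Encrypt(kek, "crm-export.csv", []byte("customer,email\nACME,ceo@acme.example"))
	pt, err := Decrypt(kek, "crm-export.csv", obj)
	fmt.Printf("customer decrypt: err=%v plaintext=%q\n", err, pt)
	providerKey, _ := NewKEK() // a key the provider holds is not the customer's KEK
	_, err = Decrypt(providerKey, "crm-export.csv", obj)
	fmt.Println("provider decrypt without the customer's KEK:", err)
}
```

Read the second model on the slide against this code: with remote key management the KEK never leaves the company, but the unwrapped DEK still exists in VM memory for as long as the VM is decrypting, which is the residual exposure the “but would they?” question is really about.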
IDENTITY AND ACCESS
MANAGEMENT IN CLOUD
IAM is a complex domain::closer to information management than security!
Capabilities: identity management, access management, federation, entitlements.
These capabilities can be, and are, mixed between on-site management by the organisation and provision as a service by Cloud providers.
Identity management::mostly information management
• Principal management
• Credential management
• Attribute management
• Group memberships
• Business and IT roles
• Directory
• Link to HR data
Provision and de-provision users to and from cloud services automatically
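“Link to HR data” and “provision and de-provision automatically” are one mechanism: HR is the authoritative source, and the cloud service’s account list is reconciled against it. The following is an added example in Go, not code from the original deck: it diffs a constructed HR feed against a constructed SaaS account list and emits the provisioning actions. The record shapes and the sample people are assumptions; a real connector would feed the actions to the provider’s user-management API.

```go
package main

import (
	"fmt"
	"sort"
)

// HRRecord is the authoritative identity: what HR says about a person.
type HRRecord struct {
	Email  string
	Role   string // business role; mapping to cloud entitlements happens elsewhere
	Active bool   // false for leavers
}

// CloudAccount is what the SaaS provider currently holds.
type CloudAccount struct {
	Email   string
	Role    string
	Enabled bool
}

// Action is one provisioning step to push to the cloud service.
type Action struct {
	Op    string // "create", "update", "disable" or "orphan"
	Email string
	Role  string
}

// Reconcile diffs the HR feed against the provider's account list and returns
// the actions that bring the provider in line with HR. It never deletes:
// leavers are disabled (keeps data for retention and investigation), and
// enabled accounts with no HR owner are flagged as orphans for human review
// rather than silently left alone.
func Reconcile(hr []HRRecord, cloud []CloudAccount) []Action {
	byEmail := make(map[string]CloudAccount, len(cloud))
	for _, a := range cloud {
		byEmail[a.Email] = a
	}
	ownedByHR := map[string]bool{}
	var actions []Action
	for _, h := range hr {
		ownedByHR[h.Email] = true
		acct, exists := byEmail[h.Email]
		switch {
		case !h.Active:
			if exists && acct.Enabled {
				actions = append(actions, Action{"disable", h.Email, ""})
			}
		case !exists:
			actions = append(actions, Action{"create", h.Email, h.Role})
		case acct.Role != h.Role || !acct.Enabled:
			actions = append(actions, Action{"update", h.Email, h.Role}) // mover or rejoiner
		}
	}
	for _, a := range cloud {
		if a.Enabled && !ownedByHR[a.Email] {
			actions = append(actions, Action{"orphan", a.Email, a.Role})
		}
	}
	sort.Slice(actions, func(i, j int) bool { return actions[i].Email < actions[j].Email })
	return actions
}

// Constructed sample data (not from the original deck).
var sampleHR = []HRRecord{
	{"alice@example.com", "sales", true},
	{"bob@example.com", "finance", true},  // moved from sales to finance
	{"carol@example.com", "sales", false}, // leaver
	{"dave@example.com", "support", true}, // joiner
	{"erin@example.com", "sales", false},  // left before ever getting an account
}

var sampleCloud = []CloudAccount{
	{"alice@example.com", "sales", true},
	{"bob@example.com", "sales", true},
	{"carol@example.com", "sales", true},
	{"mallory@example.com", "admin", true}, // nobody in HR owns this account
}

func main() {
	for _, a := range Reconcile(sampleHR, sampleCloud) {
		fmt.Printf("%-8s %-22s %s\n", a.Op, a.Email, a.Role)
	}
}
```

The orphan case is the one that matters for the “moving out of the Cloud” step too: an account the provider holds that no HR record owns is exactly the kind of thing that survives a migration unnoticed.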
Entitlements and Access
management
Entitlements
• Managing access policies
• XACML policies –
(Subject, Rule, Resource)
• Bespoke policies
• Based on attributes or
groups
Connects subjects and
resources
Access management
• Uses identity information,
entitlement policies and
context to make access
decisions:
– Grant
– Deny
– Grant but limit
Decision closer to resource
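The two halves of this slide, entitlement policies written over subjects, rules and resources, and an access manager that combines identity, policy and context into Grant, Deny or Grant-but-limit, fit together in a small policy decision point. The following is an added example in Go, not code from the original deck and not an XACML engine: it keeps the XACML shape (target, rules, effects) and evaluates with deny-overrides and default deny. “Grant but limit” is modelled as a permit that carries an obligation the enforcement point must apply. The CRM policy, attribute names and request values are assumptions for the example.

```go
package main

import "fmt"

// Effect is the outcome of an access decision: Deny, Permit, or the slide's
// "grant but limit", a permit carrying an obligation for the enforcement point.
type Effect int

const (
	Deny Effect = iota
	Permit
	PermitWithLimit
)

func (e Effect) String() string {
	return [...]string{"Deny", "Permit", "PermitWithLimit"}[e]
}

// Request carries subject attributes (from identity management), resource
// attributes (from the data classification), the action and the context.
type Request struct {
	Subject  map[string]string
	Resource map[string]string
	Action   string
	Context  map[string]string
}

type Rule struct {
	Name       string
	Condition  func(Request) bool
	Effect     Effect
	Obligation string // only meaningful for PermitWithLimit
}

// Policy mirrors the XACML shape on the slide: a target selecting the
// resources it applies to, and an ordered set of rules.
type Policy struct {
	Name   string
	Target func(Request) bool
	Rules  []Rule
}

type Decision struct {
	Effect     Effect
	Rule       string
	Obligation string
}

// Evaluate uses deny-overrides with default deny: every applicable rule is
// checked, any Deny wins, otherwise the first permit is returned, and a
// request matching no rule at all is denied.
func Evaluate(policies []Policy, r Request) Decision {
	permit, havePermit := Decision{}, false
	for _, p := range policies {
		if !p.Target(r) {
			continue
		}
		for _, rule := range p.Rules {
			if !rule.Condition(r) {
				continue
			}
			if rule.Effect == Deny {
				return Decision{Effect: Deny, Rule: p.Name + "/" + rule.Name}
			}
			if !havePermit {
				permit = Decision{rule.Effect, p.Name + "/" + rule.Name, rule.Obligation}
				havePermit = true
			}
		}
	}
	if havePermit {
		return permit
	}
	return Decision{Effect: Deny, Rule: "default-deny"}
}

// CRMPolicy is a hypothetical policy for a SaaS CRM (an assumption for the example).
var CRMPolicy = Policy{
	Name:   "crm-saas",
	Target: func(r Request) bool { return r.Resource["service"] == "crm-saas" },
	Rules: []Rule{
		{Name: "no-confidential-off-corporate-network", Effect: Deny,
			Condition: func(r Request) bool {
				return r.Resource["classification"] == "confidential" && r.Context["network"] != "corp"
			}},
		{Name: "sales-read-write", Effect: Permit,
			Condition: func(r Request) bool {
				return r.Subject["role"] == "sales" && (r.Action == "read" || r.Action == "write")
			}},
		{Name: "auditors-read-masked", Effect: PermitWithLimit, Obligation: "mask-pii-fields",
			Condition: func(r Request) bool {
				return r.Subject["group"] == "auditors" && r.Action == "read"
			}},
	},
}

func main() {
	req := Request{
		Subject:  map[string]string{"role": "sales"},
		Resource: map[string]string{"service": "crm-saas", "classification": "confidential"},
		Action:   "write",
		Context:  map[string]string{"network": "internet"},
	}
	d := Evaluate([]Policy{CRMPolicy}, req)
	fmt.Printf("%s by %s (obligation=%q)\n", d.Effect, d.Rule, d.Obligation)
}
```

The combining algorithm is the security-relevant choice: with deny-overrides a sales user who is entitled to write still gets Deny when the context (off the corporate network) trips the confidentiality rule, which is the behaviour you want when entitlements and context are managed by different teams.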
Identity Federation::Let’s trust identity providers
• Not everyone wants to have thousands of usernames/passwords
• Cloud services are ideal for identity federation
• SAML 2.0
• OAuth 2.0 (do not confuse with OATH, the Initiative for Open Authentication behind HOTP/TOTP one-time passwords). Note that OAuth 2.0 is a delegated authorisation protocol, not an authentication protocol; for federated login it is paired with OpenID Connect
Summary
• Create an Enterprise Architecture function with a dotted line to the CEO
• Appoint a Security Architect as part of the Enterprise Architecture function
• Have a Cloud policy/standard and update the risk management classification
• Always think of the exit from the Cloud first!
• Discover usage of Cloud services
• Prepare your enterprise architecture to plug Cloud services in: IAM, SIEM, key management
• Build IAM that supports the changing business. Federate and federate…
• Do not fear the Cloud – it is a sophisticated form of outsourcing: use supplier management techniques.
Links
• A Comparison of the Top Four Enterprise-Architecture Methodologies - http://msdn.microsoft.com/en-us/library/bb466232.aspx
• TOGAF 9 - http://www.opengroup.org/togaf/
• CipherCloud - http://www.ciphercloud.com/
• Amazon AWS Security - https://aws.amazon.com/security/
• Dropbox security incidents - http://www.zdnet.com/dropbox-gets-hacked-again-7000001928/
Contact
• Vladimir Jirasek
• vladimir@jirasekconsulting.com
• www.jirasekconsulting.com
• @vjirasek
• About.me/Jirasek

Information Risk Security model and metricsVladimir Jirasek
 
Integrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesIntegrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesVladimir Jirasek
 
Securing mobile population for White Hats
Securing mobile population for White HatsSecuring mobile population for White Hats
Securing mobile population for White HatsVladimir Jirasek
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metricsVladimir Jirasek
 
Federation For The Cloud Opportunities For A Single Identity
Federation For The Cloud  Opportunities For A Single IdentityFederation For The Cloud  Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single IdentityVladimir Jirasek
 

More from Vladimir Jirasek (8)

Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanning
 
Vulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London GatheringVulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London Gathering
 
Security architecture for LSE 2009
Security architecture for LSE 2009Security architecture for LSE 2009
Security architecture for LSE 2009
 
Information Risk Security model and metrics
Information Risk Security model and metricsInformation Risk Security model and metrics
Information Risk Security model and metrics
 
Integrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesIntegrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processes
 
Securing mobile population for White Hats
Securing mobile population for White HatsSecuring mobile population for White Hats
Securing mobile population for White Hats
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metrics
 
Federation For The Cloud Opportunities For A Single Identity
Federation For The Cloud  Opportunities For A Single IdentityFederation For The Cloud  Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single Identity
 

Recently uploaded

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Recently uploaded (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Secure your cloud applications by building solid foundations with enterprise (security) architecture

  • 1. Jirasek Consulting Services – Classification: Public
    Supporting Business Agility
    Secure your cloud applications by building solid foundations with enterprise (security) architecture
    Vladimir Jirasek, Managing director, Jirasek Consulting Services, and Research Director, Cloud Security Alliance, UK chapter
  • 2. About me
    • MBA (MSc) degree
    • 20 years experience in IT
    • 13 years experience in InfoSec
    • Worked in various companies in diverse sectors
    • Engaged in security organisations and projects such as CAMM, CSA
    • Technical editor of a cloud security book
    • Presents at security and IT conferences
  • 3. Agenda
    • Enterprise architecture crash course
    • Security architecture overview
    • Cloud security models
    • Governance in Cloud
    • Data security in Cloud
    • Identity and Access in Cloud
  • 4. ENTERPRISE ARCHITECTURE
  • 5. What is Enterprise Architecture
    • "Enterprise architecture (EA) is the process of translating business vision and strategy into effective enterprise change by creating, communicating and improving the key requirements, principles and models that describe the enterprise's future state and enable its evolution." (Wikipedia)
    • "Common sense to ensure everyone in a company is pulling in one direction, maximising ROI, reducing waste, increasing efficiency, effectiveness, agility, maintaining strategic focus and delivering tactical solutions." (Vladimir Jirasek)
    • "Enterprise architecture is about strategy, not about engineering." (Gartner)
  • 6. EA is a business support function
    (Diagram: where EA should be discussed versus where it is commonly discussed)
  • 7. EA frameworks
    Source: http://msdn.microsoft.com/en-us/library/bb466232.aspx
  • 8. One of the most used architecture frameworks: TOGAF
  • 9. ENTERPRISE SECURITY ARCHITECTURE
  • 10. Security model – business drives security
    (Diagram of the security model; its labelled elements are:)
    • Inputs: business objectives, compliance requirements, laws & regulations, business impact, business & information risks, security threats, security intelligence, international security standards
    • Policy framework, defined from the inputs: Information Security policies, Information Security standards, Information Security guidelines
    • People: line management, auditors, security management, risk & compliance, governance, product management, program management, assurance, security services, security professionals, IT GRC
    • Process framework: Information Security processes, technology and services; security controls are defined and executed here
    • Metrics framework: Information Security metrics objectives, measurement of security maturity, external security metrics
    • Feedback loops: correction of security processes; update of business requirements
  • 11. Security architecture domains
    • The security architect works across all domains
    • Stakeholder in EA
    • Works with domain architects (depends on the size of the organisation)
  • 12. Cloud model maps to Security model
    (Diagram: the cloud model maps directly onto the security model)
  • 13. Responsibilities for areas in the security model compared to delivery models
    (Matrix: physical security, network security, host security, application security, data security, SIEM, identity & access, cryptography, business continuity and GRC, each against IaaS, PaaS and SaaS, showing where the provider is responsible and where the customer is responsible)
  • 14. Present time and future
    • Should data security be on CIOs' agendas? Why only the CIO?
    • Not many security breaches so far. Why? Cloud will become targeted as more enterprises rely on public Cloud computing
    • Mandatory reading!
    (Diagram: Cloud provider reputation/costs versus your company's reputation/costs; consolidation of Cloud providers and cost savings in enterprises driving the move towards PaaS/SaaS)
  • 15. CLOUD DEPLOYMENT GOVERNANCE
  • 16. Governance related to Cloud
    • Setting company policy for Cloud computing
    • Risk-based decision on which Cloud provider, if any, to engage
    • Assigning responsibilities for enforcing and monitoring policy compliance
    • Setting corrective actions for non-compliance
  • 17. Cloud governance::Policy
    • Cloud is typically adopted by: a) IT directors – managed relatively consistently and mostly [I|P]aaS; b) business managers – less governance, typically SaaS
    • The policy should state: "It is a policy of …. to manage the usage of external Cloud computing services, taking into account risks to business processes and legal and regulatory compliance when using external Cloud services. The CIO is responsible for creating and communicating the external Cloud computing strategy and standards."
  • 18. Cloud standard structure
    • General statements
      – Governance requirements for Cloud
      – Enterprise architecture to be ready for Cloud and for Cloud services to plug in (IAM, SIEM, data architecture, forensics)
      – Discovery of Cloud service use
    • Before a Cloud project
      – Cloud service to comply with data classification
      – Encrypting all sensitive data in Cloud
      – Identity and Access management (AAA) link to the Cloud service
    • During a Cloud project
      – Due diligence to be performed
      – Do not forget the "right to audit"
      – Know the locations of PII
      – Assess availability (SLA and DR) of the Cloud provider
      – Assess the Cloud provider's security controls
      – Assess the potential for forensic investigation by the company's team
    • Running a Cloud service
      – Limit use of live data for development and testing
      – Monitor the Cloud provider's security controls
      – Link the company's SIEM with the Cloud provider and monitor for incidents
    • Moving out of Cloud
      – Data cleansing
      – Data portability
  • 19. Example: I have 1TB of CSV files, now what?
    • Customer uses a well-known CRM in the Cloud
    • SaaS designed to immerse clients into a well-defined, bespoke CRM
    • No known data model
    • Export of data in CSV
    Tip: Portability is the key in SaaS applications. Think about leaving the Cloud provider up front. How will you take your data?
  • 20. Example: Scaling development up/down
    • Large manufacturing and service company
    • Requirement to support development needs with seasonal demands – an ideal case for [I|P]aaS
    • Security team approached up front to perform a review
    • "Live" data not uploaded to the provider before on-site sanitising
  • 21. DATA SECURITY IN CLOUD
  • 22. Cloud provider: "AES-128 so it must be secure! Trust me!"
    (Diagram: a secret PDF held by the Cloud Service Provider shown as a bit stream, with the cloud service user on the other side)
    Just because it is encrypted does not make it secure… Look end to end.
  • 23. However, not all data in the cloud is secret!
  • 24. Sometimes too much encryption is bad, though. Who holds the encryption keys? Are they available?
  • 25. Data protection options in cloud models (Infrastructure as a Service, Platform as a Service, Software as a Service), by layer:
    • Network: VPN (could extend to SaaS); web TLS (for IaaS operated by the customer)
    • Host: encryption appliance (e.g. SafeNet ProtectV); provider-dependent and provider-operated host encryption
    • Application: application encryption (customer retains keys); tokenisation and anonymisation
    • Data: extend company file or object encryption; encrypting/tokenising reverse proxy engines (e.g. CipherCloud); provider-operated data/database encryption; extend DLP or eDRM
    • SIEM: extend the company SIEM; plug in to the provider's SIEM
  • 26. Example of SaaS – use of Gmail inside and outside an organisation
    • SaaS web-based application. Other standard interfaces – IMAP, POP3, SMTP, Web API
    • Data in Gmail is available to anyone with proper authentication
    • TLS used on the transport layer
    • Consider using a CipherCloud-like product, but be mindful of traffic flows with external customers
    (Diagram: sender, encrypting proxy, intra-company recipient and external recipient)
  • 27. Example of IaaS – Cloud provider offers virtual computing resources for internal application deployment
    • The Cloud provider can theoretically access all data if decryption happens on the virtual machine! But would they?
    • Two possible models:
      – Local crypto operations with remote key management. Consider SafeNet ProtectV
      – Remote crypto operations over VPN – speed penalty
    (Diagram: internal users, the administrator and travelling users reach the virtual servers over an intra-company VPN; key management backed by an HSM serves both the local and the remote encryption operations on encrypted data)
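The first model on slide 27 (local crypto operations, remote key management) is usually built as envelope encryption, and the question on slide 24 (who holds the keys?) is answered by where the key-encryption key lives. The Go program below is an added example, not code from the deck or from SafeNet ProtectV: an in-process KeyManager stands in for the customer's remote key manager or HSM (a real one would be reached over the VPN in the diagram), data is encrypted on the virtual machine with a per-object data key, and only the wrapped data key is stored next to the ciphertext. The key id "tenant-kek-1" and the sample record are constructed. Revoking the KEK shows the exit lever from slide 19: the provider still holds every blob, but can no longer read any of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// randBytes returns n random bytes; a crypto/rand failure is treated as fatal.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// KeyManager is a constructed in-process stand-in for the remote key manager
// or HSM on the slide: its key-encryption keys (KEKs) never leave it.
type KeyManager struct{ keks map[string][]byte }

func NewKeyManager() *KeyManager { return &KeyManager{keks: map[string][]byte{}} }

// CreateKEK makes a 256-bit KEK. Revoke destroys it, which is the customer's
// lever on leaving the provider: every blob wrapped under it becomes unreadable.
func (km *KeyManager) CreateKEK(id string) { km.keks[id] = randBytes(32) }
func (km *KeyManager) Revoke(id string)    { delete(km.keks, id) }

// Wrap and Unwrap are the only operations the VM ever asks the key manager for.
func (km *KeyManager) Wrap(id string, dek []byte) ([]byte, error) {
	if kek, ok := km.keks[id]; ok {
		return seal(kek, dek), nil
	}
	return nil, errors.New("unknown or revoked key id")
}
func (km *KeyManager) Unwrap(id string, wrapped []byte) ([]byte, error) {
	if kek, ok := km.keks[id]; ok {
		return open(kek, wrapped)
	}
	return nil, errors.New("unknown or revoked key id")
}

// Blob is what lands on the provider's storage; none of it is usable without the KEK.
type Blob struct {
	KeyID      string
	WrappedDEK []byte
	Ciphertext []byte // nonce || AES-GCM ciphertext and tag
}

// Encrypt runs the "local crypto operations" on the VM: a fresh data key (DEK)
// encrypts the payload, and only its wrapped form is stored alongside it.
func Encrypt(km *KeyManager, keyID string, plaintext []byte) (*Blob, error) {
	dek := randBytes(32)
	wrapped, err := km.Wrap(keyID, dek)
	if err != nil {
		return nil, err
	}
	return &Blob{KeyID: keyID, WrappedDEK: wrapped, Ciphertext: seal(dek, plaintext)}, nil
}

// Decrypt unwraps the DEK via the key manager, then decrypts locally; the
// plaintext DEK exists on the VM only for the duration of the call.
func Decrypt(km *KeyManager, b *Blob) ([]byte, error) {
	dek, err := km.Unwrap(b.KeyID, b.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, b.Ciphertext)
}

// mustGCM builds AES-GCM; every key here is 32 bytes, so a failure is a bug.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// seal returns nonce || ciphertext with a fresh random nonce per call.
func seal(key, plaintext []byte) []byte {
	gcm := mustGCM(key)
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// open splits off the nonce and authenticates before releasing any plaintext.
func open(key, data []byte) ([]byte, error) {
	gcm := mustGCM(key)
	if ns := gcm.NonceSize(); len(data) >= ns {
		return gcm.Open(nil, data[:ns], data[ns:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

func main() {
	km := NewKeyManager()
	km.CreateKEK("tenant-kek-1") // constructed key id
	blob, _ := Encrypt(km, "tenant-kek-1", []byte("customer record 42"))
	pt, _ := Decrypt(km, blob)
	km.Revoke("tenant-kek-1") // the provider still holds blob but can no longer read it
	_, err := Decrypt(km, blob)
	fmt.Printf("round trip %q; after revoke: %v\n", pt, err)
}
```

The second model on the slide (remote crypto operations over VPN) would move seal and open themselves behind the KeyManager, which is where the speed penalty comes from: every read and write of data crosses the VPN instead of only the occasional Unwrap.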
  • 28. IDENTITY AND ACCESS MANAGEMENT IN CLOUD
  • 29. IAM is a complex domain::closer to information management than security!
    • Identity management
    • Access management
    • Federation
    • Entitlements
    These capabilities can be, and are, mixed between on-site (managed by the organisation) and provided as a service by Cloud providers.
  • 30. Identity management::mostly information management
    • Principal management
    • Credential management
    • Attribute management
    • Group memberships
    • Business and IT roles
    • Directory
    • Link to HR data
    Provision and de-provision users from cloud services automatically.
  • 31. Entitlements and Access management
    • Entitlements – connect subjects and resources
      – Managing access policies
      – XACML policies – (Subject, Rule, Resource)
      – Bespoke policies
      – Based on attributes or groups
    • Access management – decision closer to the resource
      – Uses identity information, entitlement policies and context to make access decisions: Grant, Deny, or Grant but limit
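To make slide 31 concrete, the Go program below is an added example (not from the deck, and not XACML itself) of an access decision built from identity information, entitlement policies and request context with the slide's three outcomes. Each rule is a (Subject, Rule, Resource) triple reduced to a named predicate plus an effect; Evaluate combines matching rules deny-overrides style and returns the names of the rules that fired so the decision can be logged. The attribute names, the groups "finance" and "marketing", the classifications and the sample rules are all constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Decision mirrors the three outcomes on the slide.
type Decision int

const (
	Deny Decision = iota
	Grant
	GrantLimited // allowed, but restricted (e.g. read-only, no download)
)

func (d Decision) String() string { return [...]string{"Deny", "Grant", "Grant but limit"}[d] }

// Subject, Resource and Context carry the identity information, the protected
// object and the request context an access decision combines (constructed attributes).
type Subject struct {
	ID         string
	Groups     []string
	Employment string // "employee" or "contractor"
}

type Resource struct {
	Path           string
	Classification string // "public", "internal" or "confidential"
}

type Context struct {
	CorporateNetwork bool
	MFA              bool
}

// Rule is the (Subject, Rule, Resource) triple as a named predicate plus its effect.
type Rule struct {
	Name   string
	Effect Decision
	Match  func(s Subject, r Resource, c Context) bool
}

func hasGroup(s Subject, g string) bool {
	for _, x := range s.Groups {
		if x == g {
			return true
		}
	}
	return false
}

// Evaluate combines matching rules deny-overrides style: any Deny wins; a Grant
// is downgraded to GrantLimited when a limiting rule also matches; a request no
// Grant rule covers is denied. The fired rule names explain the decision.
func Evaluate(rules []Rule, s Subject, r Resource, c Context) (Decision, []string) {
	var fired []string
	denied, granted, limited := false, false, false
	for _, rule := range rules {
		if !rule.Match(s, r, c) {
			continue
		}
		fired = append(fired, rule.Name)
		switch rule.Effect {
		case Deny:
			denied = true
		case Grant:
			granted = true
		case GrantLimited:
			limited = true
		}
	}
	switch {
	case denied || !granted:
		return Deny, fired
	case limited:
		return GrantLimited, fired
	default:
		return Grant, fired
	}
}

// SamplePolicy is a constructed entitlement set for the example.
func SamplePolicy() []Rule {
	return []Rule{
		{"confidential-requires-mfa", Deny, func(s Subject, r Resource, c Context) bool {
			return r.Classification == "confidential" && !c.MFA
		}},
		{"contractors-no-confidential", Deny, func(s Subject, r Resource, c Context) bool {
			return s.Employment == "contractor" && r.Classification == "confidential"
		}},
		{"finance-group-reads-finance", Grant, func(s Subject, r Resource, c Context) bool {
			return hasGroup(s, "finance") && strings.HasPrefix(r.Path, "finance/")
		}},
		{"public-for-all", Grant, func(s Subject, r Resource, c Context) bool {
			return r.Classification == "public"
		}},
		{"off-network-is-limited", GrantLimited, func(s Subject, r Resource, c Context) bool {
			return !c.CorporateNetwork && r.Classification != "public"
		}},
	}
}

func main() {
	alice := Subject{ID: "alice", Groups: []string{"finance"}, Employment: "employee"}
	ledger := Resource{Path: "finance/ledger.xlsx", Classification: "confidential"}
	for _, ctx := range []Context{{true, true}, {false, true}, {true, false}} {
		d, why := Evaluate(SamplePolicy(), alice, ledger, ctx)
		fmt.Printf("%+v -> %s %v\n", ctx, d, why)
	}
}
```

Because the rules are evaluated with context (network location, MFA), the same subject gets Grant on the corporate network, Grant but limit from outside it, and Deny without MFA, which is the "decision closer to the resource" point on the slide: the entitlement policy is managed centrally, but the decision is taken where the request arrives.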
  • 32. Identity Federation::Let's trust identity providers
    • Not everyone wants to have thousands of usernames/passwords
    • Cloud services are ideal for identity federation
    • SAML 2.0
    • OAuth 2.0 (do not confuse with OATH)
  • 33. Summary
    • Create an Enterprise Architecture function with a dotted line to the CEO
    • Appoint a Security Architect as part of the Enterprise Architecture function
    • Have a Cloud policy/standard and update the risk management classification
    • Always think of the exit from Cloud first!
    • Discover usage of Cloud services
    • Prepare your enterprise architecture to plug Cloud services into IAM, SIEM and key management
    • Build IAM that supports a changing business. Federate and federate…
    • Do not fear Cloud – it is a sophisticated form of outsourcing: use supplier management techniques.
  • 34. Links
    • A Comparison of the Top Four Enterprise-Architecture Methodologies - http://msdn.microsoft.com/en-us/library/bb466232.aspx
    • TOGAF 9 - http://www.opengroup.org/togaf/
    • CipherCloud - http://www.ciphercloud.com/
    • Amazon AWS Security - https://aws.amazon.com/security/
    • Dropbox security incidents - http://www.zdnet.com/dropbox-gets-hacked-again-7000001928/
  • 35. Contact
    • Vladimir Jirasek
    • vladimir@jirasekconsulting.com
    • www.jirasekconsulting.com
    • @vjirasek
    • About.me/Jirasek

Editor's Notes

  1. Question: how many CIOs are in the room? How many have regular (at least monthly) 1-to-1s with the CEO or CFO?
  2. Working on a project: the project manager says we have a VPN tunnel for data transfer, so that is enough for security.
  3. Talk about data classification. We will talk about Dropbox later.
  4. Apply encryption only where needed and make sure that the key management is done properly. NIST document: http://csrc.nist.gov/groups/ST/toolkit/key_management.html