SlideShare ist ein Scribd-Unternehmen logo

2014-04-28 cloud security frameworks and enforcement

S
Shawn Wells

Cloud Security: Frameworks and Enforcement

Software
1 von 23
Downloaden Sie, um offline zu lesen
Cloud Security: Frameworks and Enforcement SHAWN WELLS Director, Innovation Programs, U.S. Public Sector shawn@redhat.com || 443-534-0130 1UNCLASSIFIED
35 MINUTES, 2 GOALS 2
35 MINUTES, 2 GOALS 1.  Cloud Security Lifecycle •  Government Certification & Accreditation Models •  Case Study: Westfield’s MADFW/MITE 3
35 MINUTES, 2 GOALS 1.  Cloud Security Lifecycle •  Government Certification & Accreditation Models •  Case Study: Westfield’s MADFW/MITE 2.  Enabling Security Technologies •  Security Content Automation Protocol (SCAP) •  Containers 4
WHAT IS THE CLOUD? •  Infrastructure as a Service (IaaS) •  CIA C2S, NSA MACHINESHOP, ARC-P, Westfield’s MITE 5
WHAT IS THE CLOUD? •  Infrastructure as a Service (IaaS) •  CIA C2S, NSA MACHINESHOP, ARC-P, Westfield’s MITE •  Platform as a Service (PaaS) •  DLT CODEvolved, Autonomic ARCWRX 6
WHAT IS THE CLOUD? •  Infrastructure as a Service (IaaS) •  CIA C2S, NSA MACHINESHOP, ARC-P, Westfield’s MITE •  Platform as a Service (PaaS) •  DLT CODEvolved, Autonomic ARCWRX •  Software as a Service (SaaS) •  salesforce.com 7
IaaS Case Study: Westfield’s MADFW •  Also known as MITE, falls under MID •  Development environment for ~117 tenants •  Anything beyond operating system is responsibility of tenant (applications, continuous monitoring, etc) •  ICD 503, High/Low/Low 13
Continuous Monitoring •  NIST 800-53, 800-137, and many other regulations require continuous monitoring •  We’ve been using the SCAP Security Guide •  Large body of Linux security controls •  Logically grouped into profiles (e.g. DoD STIG, FISMA Moderate, C2S…) https://fedorahosted.org/scap-security-guide/ 14
Contributors Include . . .
Control Tailoring
Sample Output
SCAP Content Repositories NIST maintains SCAP content repository for U.S. Government. Plenty of non-Linux content! http://web.nvd.nist.gov/view/ncp/repository 18
MADFW v2: PaaS (via containers) •  Think of the containers as boxes, nodes as the truck •  We don’t care what’s inside the box, it’s just cargo 19
Multi-tenancy 20 RHEL HYPERVISOR (RHEV, OpenStack, KVM, even VMWare…)
Multi-tenancy 21 RHEL system_u:system_r:svirt_t:s0:c379,c680 system_u:system_r:svirt_t:s0:c41,c368 HYPERVISOR (RHEV, OpenStack, KVM, even VMWare…)
Multi-tenancy 22
2014-04-28 cloud security frameworks and enforcement

Empfohlen

2013-08-22 NSA System Security & Management
2013-08-22 NSA System Security & Management2013-08-22 NSA System Security & Management
2013-08-22 NSA System Security & Management
Shawn Wells
 
Analysis of TLS in SMTP World
Analysis of TLS in SMTP WorldAnalysis of TLS in SMTP World
Analysis of TLS in SMTP World
Binu Ramakrishnan
 
Seguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloudSeguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloud
Nextel S.A.
 
2016-08-18 Red Hat Partner Security Update
2016-08-18 Red Hat Partner Security Update2016-08-18 Red Hat Partner Security Update
2016-08-18 Red Hat Partner Security Update
Shawn Wells
 
Enhancing traffic analysis with elk and snort
Enhancing traffic analysis with elk and snortEnhancing traffic analysis with elk and snort
Enhancing traffic analysis with elk and snort
Yaashan Raj
 
Security Events Logging at Bell with the Elastic Stack
Security Events Logging at Bell with the Elastic StackSecurity Events Logging at Bell with the Elastic Stack
Security Events Logging at Bell with the Elastic Stack
Elasticsearch
 
Cyber security career development paths
Cyber security career development pathsCyber security career development paths
Cyber security career development paths
Chelsea Jarvie
 
[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center
[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center
[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center
Nur Shiqim Chok
 

Empfohlen

2013-08-22 NSA System Security & Management
2013-08-22 NSA System Security & Management2013-08-22 NSA System Security & Management
2013-08-22 NSA System Security & Management
Shawn Wells
 
Analysis of TLS in SMTP World
Analysis of TLS in SMTP WorldAnalysis of TLS in SMTP World
Analysis of TLS in SMTP World
Binu Ramakrishnan
 
Seguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloudSeguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloud
Nextel S.A.
 
2016-08-18 Red Hat Partner Security Update
2016-08-18 Red Hat Partner Security Update2016-08-18 Red Hat Partner Security Update
2016-08-18 Red Hat Partner Security Update
Shawn Wells
 
Enhancing traffic analysis with elk and snort
Enhancing traffic analysis with elk and snortEnhancing traffic analysis with elk and snort
Enhancing traffic analysis with elk and snort
Yaashan Raj
 
Security Events Logging at Bell with the Elastic Stack
Security Events Logging at Bell with the Elastic StackSecurity Events Logging at Bell with the Elastic Stack
Security Events Logging at Bell with the Elastic Stack
Elasticsearch
 
Cyber security career development paths
Cyber security career development pathsCyber security career development paths
Cyber security career development paths
Chelsea Jarvie
 
[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center
[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center
[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center
Nur Shiqim Chok
 
Tools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalTools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade Final
Priyanka Aash
 
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskStop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Priyanka Aash
 
Implementation of IPsec with PKI
Implementation of IPsec with PKIImplementation of IPsec with PKI
Implementation of IPsec with PKI
Sukhpreet Singh
 
AISA 2018 Perth Conference: State Of Web Wecurity In 2018
AISA 2018 Perth Conference: State Of Web Wecurity In 2018AISA 2018 Perth Conference: State Of Web Wecurity In 2018
AISA 2018 Perth Conference: State Of Web Wecurity In 2018
James Bromberger
 
FIWARE Global Summit - How IoT Companies and Startups are Using FIWARE as the...
FIWARE Global Summit - How IoT Companies and Startups are Using FIWARE as the...FIWARE Global Summit - How IoT Companies and Startups are Using FIWARE as the...
FIWARE Global Summit - How IoT Companies and Startups are Using FIWARE as the...
FIWARE
 
7 Security Requirements to Accelerate Cloud Adoption
7 Security Requirements to Accelerate Cloud Adoption7 Security Requirements to Accelerate Cloud Adoption
7 Security Requirements to Accelerate Cloud Adoption
ProtectWise
 
Master-Thesis-Castalia-Projects
Master-Thesis-Castalia-ProjectsMaster-Thesis-Castalia-Projects
Master-Thesis-Castalia-Projects
Phdtopiccom
 
Scanning Channel Islands Cyberspace
Scanning Channel Islands Cyberspace Scanning Channel Islands Cyberspace
Scanning Channel Islands Cyberspace
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNtxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
North Texas Chapter of the ISSA
 
CipherCloud for Any App
CipherCloud for Any AppCipherCloud for Any App
CipherCloud for Any App
CipherCloud
 
(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN Security(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN Security
Priyanka Aash
 
Elastic at KPN
Elastic at KPNElastic at KPN
Elastic at KPN
Elasticsearch
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
Risk Analysis Consultants, s.r.o.
 
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
Priyanka Aash
 
Hystrix make your app bullet proof
Hystrix make your app bullet proofHystrix make your app bullet proof
Hystrix make your app bullet proof
Marcin Kłopotek
 
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo AppMRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
NGINX, Inc.
 
Sqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric SecuritySqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric Security
Sqrrl
 
Certifiable Linux Integration Platform (CLIP)
Certifiable Linux Integration Platform (CLIP)Certifiable Linux Integration Platform (CLIP)
Certifiable Linux Integration Platform (CLIP)
Tresys
 
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
Skybox Security
 
Nagios Conference 2014 - Paloma Galan - Monitoring Financial Protocols With N...
Nagios Conference 2014 - Paloma Galan - Monitoring Financial Protocols With N...Nagios Conference 2014 - Paloma Galan - Monitoring Financial Protocols With N...
Nagios Conference 2014 - Paloma Galan - Monitoring Financial Protocols With N...
Nagios
 
Portales educativos
Portales educativosPortales educativos
Portales educativos
QUETITATAPIA
 
Moldauische weindegustation
Moldauische weindegustationMoldauische weindegustation
Moldauische weindegustation
CosminCH
 

Weitere ähnliche Inhalte

Was ist angesagt?

Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskStop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Priyanka Aash
 
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo AppMRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
NGINX, Inc.
 

Was ist angesagt? (20)

Tools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalTools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade Final
 
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskStop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
 
Implementation of IPsec with PKI
Implementation of IPsec with PKIImplementation of IPsec with PKI
Implementation of IPsec with PKI
 
AISA 2018 Perth Conference: State Of Web Wecurity In 2018
AISA 2018 Perth Conference: State Of Web Wecurity In 2018AISA 2018 Perth Conference: State Of Web Wecurity In 2018
AISA 2018 Perth Conference: State Of Web Wecurity In 2018
 
FIWARE Global Summit - How IoT Companies and Startups are Using FIWARE as the...
FIWARE Global Summit - How IoT Companies and Startups are Using FIWARE as the...FIWARE Global Summit - How IoT Companies and Startups are Using FIWARE as the...
FIWARE Global Summit - How IoT Companies and Startups are Using FIWARE as the...
 
7 Security Requirements to Accelerate Cloud Adoption
7 Security Requirements to Accelerate Cloud Adoption7 Security Requirements to Accelerate Cloud Adoption
7 Security Requirements to Accelerate Cloud Adoption
 
Master-Thesis-Castalia-Projects
Master-Thesis-Castalia-ProjectsMaster-Thesis-Castalia-Projects
Master-Thesis-Castalia-Projects
 
Scanning Channel Islands Cyberspace
Scanning Channel Islands Cyberspace Scanning Channel Islands Cyberspace
Scanning Channel Islands Cyberspace
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNtxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
 
CipherCloud for Any App
CipherCloud for Any AppCipherCloud for Any App
CipherCloud for Any App
 
(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN Security(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN Security
 
Elastic at KPN
Elastic at KPNElastic at KPN
Elastic at KPN
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
 
Hystrix make your app bullet proof
Hystrix make your app bullet proofHystrix make your app bullet proof
Hystrix make your app bullet proof
 
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo AppMRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
 
Sqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric SecuritySqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric Security
 
Certifiable Linux Integration Platform (CLIP)
Certifiable Linux Integration Platform (CLIP)Certifiable Linux Integration Platform (CLIP)
Certifiable Linux Integration Platform (CLIP)
 
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
 
Nagios Conference 2014 - Paloma Galan - Monitoring Financial Protocols With N...
Nagios Conference 2014 - Paloma Galan - Monitoring Financial Protocols With N...Nagios Conference 2014 - Paloma Galan - Monitoring Financial Protocols With N...
Nagios Conference 2014 - Paloma Galan - Monitoring Financial Protocols With N...
 

Andere mochten auch

Sladjana Starcevic - Why we need to extend the classical model of brand perso...
Sladjana Starcevic - Why we need to extend the classical model of brand perso...Sladjana Starcevic - Why we need to extend the classical model of brand perso...
Sladjana Starcevic - Why we need to extend the classical model of brand perso...
Sladjana Starcevic, Ph.D.
 

Andere mochten auch (12)

Portales educativos
Portales educativosPortales educativos
Portales educativos
 
Moldauische weindegustation
Moldauische weindegustationMoldauische weindegustation
Moldauische weindegustation
 
Teoría color
Teoría colorTeoría color
Teoría color
 
Cetak kwitansi, surat jalan, invoice, dll
Cetak kwitansi, surat jalan, invoice, dllCetak kwitansi, surat jalan, invoice, dll
Cetak kwitansi, surat jalan, invoice, dll
 
Plan estrategico de subvenciones 2016
Plan estrategico de subvenciones 2016Plan estrategico de subvenciones 2016
Plan estrategico de subvenciones 2016
 
Sladjana Starcevic - Why we need to extend the classical model of brand perso...
Sladjana Starcevic - Why we need to extend the classical model of brand perso...Sladjana Starcevic - Why we need to extend the classical model of brand perso...
Sladjana Starcevic - Why we need to extend the classical model of brand perso...
 
Girls Can Code - 2/3/17
Girls Can Code - 2/3/17Girls Can Code - 2/3/17
Girls Can Code - 2/3/17
 
La salud . Educación Primaria
La salud . Educación PrimariaLa salud . Educación Primaria
La salud . Educación Primaria
 
части мирового океана
части мирового океана части мирового океана
части мирового океана
 
How To Stop Surviving And Start Thriving
How To Stop Surviving And Start ThrivingHow To Stop Surviving And Start Thriving
How To Stop Surviving And Start Thriving
 
Mesoamérica
MesoaméricaMesoamérica
Mesoamérica
 
Clasificación de los seres vivos
Clasificación de los seres vivosClasificación de los seres vivos
Clasificación de los seres vivos
 

Ähnlich wie 2014-04-28 cloud security frameworks and enforcement

AWS Frederick Meetup 07192016
AWS Frederick Meetup 07192016AWS Frederick Meetup 07192016
AWS Frederick Meetup 07192016
Gaurav "GP" Pal
 
Guy Alfassi - CSA Conference Highlights
Guy Alfassi - CSA Conference HighlightsGuy Alfassi - CSA Conference Highlights
Guy Alfassi - CSA Conference Highlights
CSAIsrael
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
AlgoSec
 
1961 no rainclouds here! using cics platform and policies to keep your privat...
1961 no rainclouds here! using cics platform and policies to keep your privat...1961 no rainclouds here! using cics platform and policies to keep your privat...
1961 no rainclouds here! using cics platform and policies to keep your privat...
Matthew Webster
 
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptxWhy 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
lior mazor
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Jason Mashak
 

Ähnlich wie 2014-04-28 cloud security frameworks and enforcement (20)

AWS Frederick Meetup 07192016
AWS Frederick Meetup 07192016AWS Frederick Meetup 07192016
AWS Frederick Meetup 07192016
 
Dawn of the Intelligence Age by Dr. Anton Ravindran
Dawn of the Intelligence Age by Dr. Anton RavindranDawn of the Intelligence Age by Dr. Anton Ravindran
Dawn of the Intelligence Age by Dr. Anton Ravindran
 
Guy Alfassi - CSA Conference Highlights
Guy Alfassi - CSA Conference HighlightsGuy Alfassi - CSA Conference Highlights
Guy Alfassi - CSA Conference Highlights
 
Standards for protection of data on storage device are emerging from both the...
Standards for protection of data on storage device are emerging from both the...Standards for protection of data on storage device are emerging from both the...
Standards for protection of data on storage device are emerging from both the...
 
56k.cloud intro and pitch deck
56k.cloud intro and pitch deck56k.cloud intro and pitch deck
56k.cloud intro and pitch deck
 
Cloud application security (CCSP Domain 4)
Cloud application security (CCSP Domain 4)Cloud application security (CCSP Domain 4)
Cloud application security (CCSP Domain 4)
 
Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran
Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran
Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
 
Cloud Security - the egregious 11 cloud security threats
Cloud Security - the egregious 11 cloud security threatsCloud Security - the egregious 11 cloud security threats
Cloud Security - the egregious 11 cloud security threats
 
1961 no rainclouds here! using cics platform and policies to keep your privat...
1961 no rainclouds here! using cics platform and policies to keep your privat...1961 no rainclouds here! using cics platform and policies to keep your privat...
1961 no rainclouds here! using cics platform and policies to keep your privat...
 
How Cloud Computing will change how you and your team will run IT
How Cloud Computing will change how you and your team will run ITHow Cloud Computing will change how you and your team will run IT
How Cloud Computing will change how you and your team will run IT
 
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptxWhy 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
 
Hogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing SecutityHogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing Secutity
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By Design
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Cloud security lessons learned and audit
Cloud security lessons learned and auditCloud security lessons learned and audit
Cloud security lessons learned and audit
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public Cloud
 
Containers, from Production to Development
Containers, from Production to DevelopmentContainers, from Production to Development
Containers, from Production to Development
 
Containers, From Development to Production
Containers, From Development to ProductionContainers, From Development to Production
Containers, From Development to Production
 

Mehr von Shawn Wells

Mehr von Shawn Wells (20)

2017-10-10 AUSA 2017: Repeatable DCO Platforms
2017-10-10 AUSA 2017: Repeatable DCO Platforms2017-10-10 AUSA 2017: Repeatable DCO Platforms
2017-10-10 AUSA 2017: Repeatable DCO Platforms
 
2017-07-12 GovLoop: New Era of Digital Security
2017-07-12 GovLoop: New Era of Digital Security2017-07-12 GovLoop: New Era of Digital Security
2017-07-12 GovLoop: New Era of Digital Security
 
2017-07-11 GovLoop: Changing the Open Hybrid Cloud Game (Deploying OpenShift ...
2017-07-11 GovLoop: Changing the Open Hybrid Cloud Game (Deploying OpenShift ...2017-07-11 GovLoop: Changing the Open Hybrid Cloud Game (Deploying OpenShift ...
2017-07-11 GovLoop: Changing the Open Hybrid Cloud Game (Deploying OpenShift ...
 
2017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f022017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f02
 
2017-02-21 AFCEA West Building Continuous Integration & Deployment (CI/CD) Pi...
2017-02-21 AFCEA West Building Continuous Integration & Deployment (CI/CD) Pi...2017-02-21 AFCEA West Building Continuous Integration & Deployment (CI/CD) Pi...
2017-02-21 AFCEA West Building Continuous Integration & Deployment (CI/CD) Pi...
 
2016 -11-18 OpenSCAP Workshop Coursebook
2016 -11-18 OpenSCAP Workshop Coursebook2016 -11-18 OpenSCAP Workshop Coursebook
2016 -11-18 OpenSCAP Workshop Coursebook
 
2016-08-29 AFITC Security Automation
2016-08-29 AFITC Security Automation2016-08-29 AFITC Security Automation
2016-08-29 AFITC Security Automation
 
2016-08-24 FedInsider Webinar with Jennifer Kron - Securing Intelligence in a...
2016-08-24 FedInsider Webinar with Jennifer Kron - Securing Intelligence in a...2016-08-24 FedInsider Webinar with Jennifer Kron - Securing Intelligence in a...
2016-08-24 FedInsider Webinar with Jennifer Kron - Securing Intelligence in a...
 
2015-11-15 - Supercomputing 2015 - Applied Cross Domain
2015-11-15 - Supercomputing 2015 - Applied Cross Domain2015-11-15 - Supercomputing 2015 - Applied Cross Domain
2015-11-15 - Supercomputing 2015 - Applied Cross Domain
 
2015-10-05 Fermilabs DevOps Alone in the Dark
2015-10-05 Fermilabs DevOps Alone in the Dark2015-10-05 Fermilabs DevOps Alone in the Dark
2015-10-05 Fermilabs DevOps Alone in the Dark
 
2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy
2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy
2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy
 
2015 06-12 DevOpsDC 2015 - Consumer to Collaborator
2015 06-12 DevOpsDC 2015 - Consumer to Collaborator2015 06-12 DevOpsDC 2015 - Consumer to Collaborator
2015 06-12 DevOpsDC 2015 - Consumer to Collaborator
 
2015-01-27 ssa opening remarks
2015-01-27 ssa opening remarks2015-01-27 ssa opening remarks
2015-01-27 ssa opening remarks
 
2014-12-16 defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackers2014-12-16 defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackers
 
2014-07-31 customer convergence applied scap
2014-07-31 customer convergence applied scap2014-07-31 customer convergence applied scap
2014-07-31 customer convergence applied scap
 
2014-07-30 defense in depth scap workbook
2014-07-30 defense in depth scap workbook2014-07-30 defense in depth scap workbook
2014-07-30 defense in depth scap workbook
 
2014-05-08 IT Craftsmanship to IT Manufacturing
2014-05-08 IT Craftsmanship to IT Manufacturing2014-05-08 IT Craftsmanship to IT Manufacturing
2014-05-08 IT Craftsmanship to IT Manufacturing
 
2014 04-17 Applied SCAP, Red Hat Summit 2014
2014 04-17 Applied SCAP, Red Hat Summit 20142014 04-17 Applied SCAP, Red Hat Summit 2014
2014 04-17 Applied SCAP, Red Hat Summit 2014
 
2014 04-03 xyratex event
2014 04-03 xyratex event2014 04-03 xyratex event
2014 04-03 xyratex event
 
2013-07-21 MITRE Developer Days - Red Hat SCAP Remediation
2013-07-21 MITRE Developer Days - Red Hat SCAP Remediation2013-07-21 MITRE Developer Days - Red Hat SCAP Remediation
2013-07-21 MITRE Developer Days - Red Hat SCAP Remediation
 

Kürzlich hochgeladen

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
masabamasaba
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 

Kürzlich hochgeladen (20)

%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 

2014-04-28 cloud security frameworks and enforcement

  • 1. Cloud Security: Frameworks and Enforcement SHAWN WELLS Director, Innovation Programs, U.S. Public Sector shawn@redhat.com || 443-534-0130 1UNCLASSIFIED
  • 2. 35 MINUTES, 2 GOALS 2
  • 3. 35 MINUTES, 2 GOALS 1.  Cloud Security Lifecycle •  Government Certification & Accreditation Models •  Case Study: Westfield’s MADFW/MITE 3
  • 4. 35 MINUTES, 2 GOALS 1.  Cloud Security Lifecycle •  Government Certification & Accreditation Models •  Case Study: Westfield’s MADFW/MITE 2.  Enabling Security Technologies •  Security Content Automation Protocol (SCAP) •  Containers 4
  • 5. WHAT IS THE CLOUD? •  Infrastructure as a Service (IaaS) •  CIA C2S, NSA MACHINESHOP, ARC-P, Westfield’s MITE 5
  • 6. WHAT IS THE CLOUD? •  Infrastructure as a Service (IaaS) •  CIA C2S, NSA MACHINESHOP, ARC-P, Westfield’s MITE •  Platform as a Service (PaaS) •  DLT CODEvolved, Autonomic ARCWRX 6
  • 7. WHAT IS THE CLOUD? •  Infrastructure as a Service (IaaS) •  CIA C2S, NSA MACHINESHOP, ARC-P, Westfield’s MITE •  Platform as a Service (PaaS) •  DLT CODEvolved, Autonomic ARCWRX •  Software as a Service (SaaS) •  salesforce.com 7
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13. IaaS Case Study: Westfield’s MADFW •  Also known as MITE, falls under MID •  Development environment for ~117 tenants •  Anything beyond operating system is responsibility of tenant (applications, continuous monitoring, etc) •  ICD 503, High/Low/Low 13
  • 14. Continuous Monitoring •  NIST 800-53, 800-137, and many other regulations require continuous monitoring •  We’ve been using the SCAP Security Guide •  Large body of Linux security controls •  Logically grouped into profiles (e.g. DoD STIG, FISMA Moderate, C2S…) https://fedorahosted.org/scap-security-guide/ 14
  • 18. SCAP Content Repositories NIST maintains SCAP content repository for U.S. Government. Plenty of non-Linux content! http://web.nvd.nist.gov/view/ncp/repository 18
  • 19. MADFW v2: PaaS (via containers) •  Think of the containers as boxes, nodes as the truck •  We don’t care what’s inside the box, it’s just cargo 19