NGI-4: Cloud
The Technical Foundations of Security and Interoperability

 Overview


                                               Vic Winkler
                                                  July 2011
                                             Washington, DC




                                               Booz | Allen | Hamilton
The Technical Foundations of Security and Interoperability




This presentation is based on my book:
    “Securing the Cloud: Cloud Computer Security Techniques and Tactics”
    Vic Winkler (Elsevier/Syngress May 2011)
    Graphics are copyrighted by Elsevier/Syngress 2011

My experiences in designing, implementing and operating the security for:
   “SunGrid” (2004+), “Network.com” (2006+) and “The Sun Public Cloud”
   (2007+)
   …And research into best practices in cloud security (2008-2011)

Previously, I:
   Was a pioneer in network- and systems-based intrusion detection
   Designed a B1 trusted Unix system


                           Graphics copyright Elsevier/Syngress 2011   Booz | Allen | Hamilton   2
A Brief, Distorted View of History




   Overview




Continuing Technology Evolution

More “Evolution” than “Revolution”




So, what is “cloud”?

A Minor Problem With Words…



Most common question: Is “cloud” secure?

Booz Allen:
         Cloud Computing “Quick Look” Assessment


The QLA approach analyzes the organization and its potential cloud candidate functions and applications
across eight Cloud Computing Factors, providing an in-depth assessment and suitability rating for each.




The eight factors:
•   Business/Mission
•   Technology
•   Economics
•   Security
•   Policy
•   Governance & Change Management
•   IT Management
•   Organization

Cloud:
          A Model for Computing,
          A Model for Service Delivery




•   “Cloud Services” – IT model for service delivery: expressed, delivered and consumed over the Internet or a private network
     – Infrastructure-as-a-Service (IaaS)
     – Platform-as-a-Service (PaaS)
     – Software-as-a-Service (SaaS)
•   “Cloud Computing” – IT model for computing
     – Environment composed of the IT components necessary to develop & deliver “cloud services”

The Services Stack
Two Perspectives




What about security?
…“Confidentiality”, “Integrity” and “Availability”?

The NIST Cloud Model

Security Concerns?




•   10. Unknown Risks: Concern that cloud computing brings new classes of risks and
    vulnerabilities
•   9. Control over Data: User data may be comingled with data belonging to others.
•   8. Legal and Regulatory Compliance: It may be difficult (unrealistic?) to utilize public clouds
    when data is subject to legal restrictions or regulatory compliance
•   7. Disaster Recovery and Business Continuity: Cloud tenants and users require confidence
    that their operations and services will continue despite a disaster
•   6. Security Incidents: Tenants and users need to be informed and supported by a provider
•   5. Transparency: Trust in a cloud provider’s security claims entails provider transparency
•   4. Cloud Provider Viability: Since cloud providers are relatively new to the business, there are
    questions about provider viability and commitment
•   3. Privacy and Data concerns with public or community clouds: Data may not remain in the
    same system, raising multiple legal concerns
•   2. User Error: A user may inadvertently leak highly sensitive or classified information into a
    public cloud
•   1. Network Availability: The cloud must be available whenever you need it

Security Concerns
Sensitive Data & Regulatory Compliance

Security Concerns
Transparency

Security Concerns
Example of Private Cloud Concerns

Security Concerns
Trade Offs

Cloud Services are Expressed From Cloud IT Infrastructure

Virtualization and Elastic Service Expression

Is Organizational Control Good for Security?

Scope of Control

IaaS, PaaS and SaaS:
Data Ownership

Organizational Control with Private versus Public

Cloud Demands Advanced Management Capabilities
(This should benefit security)

Planning for Competitive Pricing
(…in other words, “cost-effective security”)

Planning for Fundamental Changes

Patterns are Key for Cloud Infrastructure

…Patterns are Key for Cloud Infrastructure

…Patterns are Key for Cloud Infrastructure

Example
Separate Paths, Separate Networks

Example
…Separate Paths, Separate Networks

Assessment:
Is it “Correct”, “Secure” and Does it Meet Requirements?

How Much Assurance?

Operationally, How Will you Know?

Security Monitoring
A High-Volume Activity

Monitoring Really Wants To Be
A Near-Real-Time Feedback Loop

Beyond Security Monitoring
Integrated Operational Security

Example
Security Use for CMDB

Defense-in-Depth in Infrastructure

What are the BIG Lessons?



•   Provider
     – Model T approach: Any color the customer wants …as long as it’s “black”
           • Special requests undercut profits
     – Plan ahead: Focus on eventual operations costs and on the certainty of change to the infrastructure
     – Seek to automate almost everything:
           • Identify procedures/processes to drive down costs
           • Identify and refine patterns
     – Segregate information
           • Don’t mix infrastructure management information
           • …with security information
           • …with customer data …etc.
     – Architect for completely separate paths:
           • (Public) (Infrastructure control) (Network device control) (Security management)
           • Entails a differentiated set of networks
           • Isolate, Isolate, Isolate
           • Encrypt, Encrypt, Encrypt
•   Consumer
     – Who is the provider?
     – What are you really buying? Transparency, independent verification, indemnification?
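The provider lesson "architect for completely separate paths" above, as an added Python example that is not from the slides or the book: it maps the four paths named on the slide (public, infrastructure control, network device control, security management) onto distinct networks and checks a constructed host inventory and flow list for hosts that bridge two paths, flows that leave their path, and cleartext on a management path. All subnets, hostnames and flows are constructed, and treating cleartext on any non-public path as a finding is this example's reading of "Encrypt, Encrypt, Encrypt".

```python
"""Check a candidate layout against the "separate paths, separate networks"
lesson: each path gets its own network, nothing bridges two paths, and
traffic on a management path is encrypted.  Added example; the four path
names come from the slide, every subnet, host and flow below is constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# One network per path named on the slide (constructed RFC 5737 / RFC 1918 ranges).
PLANES = {
    "public":                 ip_network("203.0.113.0/24"),
    "infrastructure_control": ip_network("10.10.0.0/16"),
    "network_device_control": ip_network("10.20.0.0/16"),
    "security_management":    ip_network("10.30.0.0/16"),
}

# "Encrypt, Encrypt, Encrypt": cleartext is a finding on every non-public path
# (assumption made for this example).
MANAGEMENT_PLANES = frozenset(PLANES) - {"public"}


@dataclass(frozen=True)
class Flow:
    src: str         # source address
    dst: str         # destination address
    dport: int       # destination port
    encrypted: bool  # whether the session is protected (TLS/SSH/IPsec)


def plane_of(addr: str) -> Optional[str]:
    """Return the path an address belongs to, or None if it is on no path."""
    ip = ip_address(addr)
    for name, net in PLANES.items():
        if ip in net:
            return name
    return None


def check_hosts(inventory: Dict[str, List[str]]) -> List[str]:
    """A host with interfaces on two paths is a bridge between them
    (the classic dual-homed box); one finding per such host."""
    findings = []
    for host, addrs in inventory.items():
        planes = {plane_of(a) for a in addrs} - {None}
        if len(planes) > 1:
            findings.append(f"{host}: dual-homed across {sorted(planes)}")
    return findings


def check_flows(flows: List[Flow]) -> List[str]:
    """One finding per flow that leaves its path, uses an address on no
    defined path, or carries cleartext on a management path."""
    findings = []
    for f in flows:
        src, dst = plane_of(f.src), plane_of(f.dst)
        label = f"{f.src} -> {f.dst}:{f.dport}"
        if src is None or dst is None:
            findings.append(f"{label}: address outside every defined path")
        elif src != dst:
            findings.append(f"{label}: crosses {src} -> {dst}")
        elif src in MANAGEMENT_PLANES and not f.encrypted:
            findings.append(f"{label}: cleartext on {src}")
    return findings


# Constructed inventory: hv-07 has a NIC on both the infrastructure-control
# and the switch-control networks, which joins two paths that should be separate.
INVENTORY = {
    "web-01":  ["203.0.113.10"],
    "hv-07":   ["10.10.4.7", "10.20.4.7"],
    "siem-01": ["10.30.1.5"],
}

# Constructed flows; each comment names the rule the flow exercises.
FLOWS = [
    Flow("203.0.113.10", "203.0.113.20", 443, True),   # public stays public: ok
    Flow("10.10.4.7", "10.10.0.2", 8443, True),        # encrypted control traffic: ok
    Flow("10.20.4.7", "10.20.0.1", 23, False),         # telnet to a switch: cleartext
    Flow("203.0.113.10", "10.30.1.5", 514, False),     # web server straight into the SIEM net: crosses
    Flow("192.0.2.9", "10.10.0.2", 22, True),          # source on no defined path
]

if __name__ == "__main__":
    for line in check_hosts(INVENTORY) + check_flows(FLOWS):
        print(line)
```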


Thank You




        Business:    Winkler_Joachim@BAH.Com
        Personal:    Vic@VicWinkler.Com
        Phone:       703.622.7111

        “Securing the Cloud: Cloud Computer Security
        Techniques and Tactics”
                 Vic Winkler (Elsevier/Syngress 2011)





Weitere ähnliche Inhalte

Was ist angesagt?

Cloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportCloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” report
Vivek Maurya
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Dhaval Dave
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
Rohit Buddabathina
 
Sukumar Nayak-Detailed-Cloud Risk Management and Audit
Sukumar Nayak-Detailed-Cloud Risk Management and AuditSukumar Nayak-Detailed-Cloud Risk Management and Audit
Sukumar Nayak-Detailed-Cloud Risk Management and Audit
Sukumar Nayak
 

Was ist angesagt? (20)

Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
What Everyone Ought To Know About Cloud Security
What Everyone Ought To Know About Cloud SecurityWhat Everyone Ought To Know About Cloud Security
What Everyone Ought To Know About Cloud Security
 
Cloud Computing security issues
Cloud Computing security issuesCloud Computing security issues
Cloud Computing security issues
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportCloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” report
 
Cloud Security Top 10 Risk Mitigation Techniques for 2019
Cloud Security Top 10 Risk Mitigation Techniques for 2019Cloud Security Top 10 Risk Mitigation Techniques for 2019
Cloud Security Top 10 Risk Mitigation Techniques for 2019
 
SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security Concerns
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing security
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Cloud Computing Security Organization Assessments Service Categories Responsi...
Cloud Computing Security Organization Assessments Service Categories Responsi...Cloud Computing Security Organization Assessments Service Categories Responsi...
Cloud Computing Security Organization Assessments Service Categories Responsi...
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computing
 
Security issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwariSecurity issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwari
 
Cloud Computing Security Issues
Cloud Computing Security Issues Cloud Computing Security Issues
Cloud Computing Security Issues
 
Cloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and RisksCloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and Risks
 
PhD Projects in Cloud Computing Security Research Topics
PhD Projects in Cloud Computing Security Research TopicsPhD Projects in Cloud Computing Security Research Topics
PhD Projects in Cloud Computing Security Research Topics
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud Encryption
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, Indonesia
 
Sukumar Nayak-Detailed-Cloud Risk Management and Audit
Sukumar Nayak-Detailed-Cloud Risk Management and AuditSukumar Nayak-Detailed-Cloud Risk Management and Audit
Sukumar Nayak-Detailed-Cloud Risk Management and Audit
 

Andere mochten auch

2008 05 - booz allen hamilton - gsma congress - 2-pay-buy-mobile ecosystem – ...
2008 05 - booz allen hamilton - gsma congress - 2-pay-buy-mobile ecosystem – ...2008 05 - booz allen hamilton - gsma congress - 2-pay-buy-mobile ecosystem – ...
2008 05 - booz allen hamilton - gsma congress - 2-pay-buy-mobile ecosystem – ...
Boni
 
Booz co 2013-global-innovation-1000-study-navigating-the-digital-future_fact-...
Booz co 2013-global-innovation-1000-study-navigating-the-digital-future_fact-...Booz co 2013-global-innovation-1000-study-navigating-the-digital-future_fact-...
Booz co 2013-global-innovation-1000-study-navigating-the-digital-future_fact-...
Dmitry Tseitlin
 
Jon_Katzenbach_Amplify11
Jon_Katzenbach_Amplify11Jon_Katzenbach_Amplify11
Jon_Katzenbach_Amplify11
AmplifyFest
 
Performance Driven Architecture V2 August 2010
Performance Driven Architecture   V2 August 2010Performance Driven Architecture   V2 August 2010
Performance Driven Architecture V2 August 2010
dfnewman
 
Private Investment Opportunities In Education Booz And Company Bfe Mena 2011
Private Investment Opportunities In Education Booz And Company Bfe Mena 2011Private Investment Opportunities In Education Booz And Company Bfe Mena 2011
Private Investment Opportunities In Education Booz And Company Bfe Mena 2011
espie77
 

Andere mochten auch (20)

Booz Allen Hamilton's 100-Year Timeline
Booz Allen Hamilton's 100-Year TimelineBooz Allen Hamilton's 100-Year Timeline
Booz Allen Hamilton's 100-Year Timeline
 
2008 05 - booz allen hamilton - gsma congress - 2-pay-buy-mobile ecosystem – ...
2008 05 - booz allen hamilton - gsma congress - 2-pay-buy-mobile ecosystem – ...2008 05 - booz allen hamilton - gsma congress - 2-pay-buy-mobile ecosystem – ...
2008 05 - booz allen hamilton - gsma congress - 2-pay-buy-mobile ecosystem – ...
 
VisibleThread User Experience Within Our ISO 20K Certified Air Force PMO
VisibleThread User Experience Within Our ISO 20K Certified Air Force PMOVisibleThread User Experience Within Our ISO 20K Certified Air Force PMO
VisibleThread User Experience Within Our ISO 20K Certified Air Force PMO
 
Srm And Asset Protection V1.0
Srm And Asset Protection V1.0Srm And Asset Protection V1.0
Srm And Asset Protection V1.0
 
Booz - Allen & Hamilton "Vision 2000"
Booz - Allen & Hamilton "Vision 2000"Booz - Allen & Hamilton "Vision 2000"
Booz - Allen & Hamilton "Vision 2000"
 
Booz & co campaigns to capabilities-social-media-and-marketing-2011
Booz & co campaigns to capabilities-social-media-and-marketing-2011Booz & co campaigns to capabilities-social-media-and-marketing-2011
Booz & co campaigns to capabilities-social-media-and-marketing-2011
 
LQB Busniess plan
LQB Busniess planLQB Busniess plan
LQB Busniess plan
 
Booz co 2013-global-innovation-1000-study-navigating-the-digital-future_fact-...
Booz co 2013-global-innovation-1000-study-navigating-the-digital-future_fact-...Booz co 2013-global-innovation-1000-study-navigating-the-digital-future_fact-...
Booz co 2013-global-innovation-1000-study-navigating-the-digital-future_fact-...
 
Jon_Katzenbach_Amplify11
Jon_Katzenbach_Amplify11Jon_Katzenbach_Amplify11
Jon_Katzenbach_Amplify11
 
Booz Allen Hamilton and Market Connections: C4ISR Survey Report
Booz Allen Hamilton and Market Connections: C4ISR Survey ReportBooz Allen Hamilton and Market Connections: C4ISR Survey Report
Booz Allen Hamilton and Market Connections: C4ISR Survey Report
 
Express Usability: Conduct Usability in 40 Hours or Less (Sarah Weise)
Express Usability: Conduct Usability in 40 Hours or Less (Sarah Weise)Express Usability: Conduct Usability in 40 Hours or Less (Sarah Weise)
Express Usability: Conduct Usability in 40 Hours or Less (Sarah Weise)
 
Webinar: Driving Innovation Across an Enterprise with Booz Allen Hamilton
Webinar: Driving Innovation Across an Enterprise with Booz Allen HamiltonWebinar: Driving Innovation Across an Enterprise with Booz Allen Hamilton
Webinar: Driving Innovation Across an Enterprise with Booz Allen Hamilton
 
Booz&co
Booz&coBooz&co
Booz&co
 
Performance Driven Architecture V2 August 2010
Performance Driven Architecture   V2 August 2010Performance Driven Architecture   V2 August 2010
Performance Driven Architecture V2 August 2010
 
Intro To Thought Leadership V5
Intro To Thought Leadership V5Intro To Thought Leadership V5
Intro To Thought Leadership V5
 
Military Spouse Career Roadmap
Military Spouse Career Roadmap Military Spouse Career Roadmap
Military Spouse Career Roadmap
 
Social Media strategy - the rise of social apponomics
Social Media strategy - the rise of social apponomicsSocial Media strategy - the rise of social apponomics
Social Media strategy - the rise of social apponomics
 
2721 engineering to consulting booz allen hamilton
2721 engineering to consulting  booz allen hamilton2721 engineering to consulting  booz allen hamilton
2721 engineering to consulting booz allen hamilton
 
Private Investment Opportunities In Education Booz And Company Bfe Mena 2011
Private Investment Opportunities In Education Booz And Company Bfe Mena 2011Private Investment Opportunities In Education Booz And Company Bfe Mena 2011
Private Investment Opportunities In Education Booz And Company Bfe Mena 2011
 
Homeland Threats: Today and Tomorrow
Homeland Threats: Today and TomorrowHomeland Threats: Today and Tomorrow
Homeland Threats: Today and Tomorrow
 

Ähnlich wie Cloud Security ("securing the cloud")

glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
Glenn Ambler
 
(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013
STO STRATEGY
 
(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013
STO STRATEGY
 
Taiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloudTaiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloud
nooralmousa
 
(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013
STO STRATEGY
 
EMA: Ten Priorities for Hybrid Cloud, Containers and DevOps in 2017
EMA: Ten Priorities for Hybrid Cloud, Containers and DevOps in 2017EMA: Ten Priorities for Hybrid Cloud, Containers and DevOps in 2017
EMA: Ten Priorities for Hybrid Cloud, Containers and DevOps in 2017
Deborah Schalm
 
HP - Seminário Computação em Nuvem 2011
HP - Seminário Computação em Nuvem 2011HP - Seminário Computação em Nuvem 2011
HP - Seminário Computação em Nuvem 2011
Teque Eventos
 
Tutorial 4 peter kustor
Tutorial 4 peter kustorTutorial 4 peter kustor
Tutorial 4 peter kustor
egovernment
 
Steve Mills - Dispelling the Vapor Around Cloud Computing
Steve Mills - Dispelling the Vapor Around Cloud ComputingSteve Mills - Dispelling the Vapor Around Cloud Computing
Steve Mills - Dispelling the Vapor Around Cloud Computing
Mauricio Godoy
 

Ähnlich wie Cloud Security ("securing the cloud") (20)

glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
 
CSA & GRC Stack
CSA & GRC StackCSA & GRC Stack
CSA & GRC Stack
 
Cloud Computing: What it Means for Libraries, Library Staff, Training and Skills
Cloud Computing: What it Means for Libraries, Library Staff, Training and SkillsCloud Computing: What it Means for Libraries, Library Staff, Training and Skills
Cloud Computing: What it Means for Libraries, Library Staff, Training and Skills
 
Creating and Managing a Private or Hybrid Cloud: A Strategy Session
Creating and Managing a Private or Hybrid Cloud: A Strategy SessionCreating and Managing a Private or Hybrid Cloud: A Strategy Session
Creating and Managing a Private or Hybrid Cloud: A Strategy Session
 
Cloud 122 building the perfect cloud
Cloud 122 building the perfect cloudCloud 122 building the perfect cloud
Cloud 122 building the perfect cloud
 
(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013
 
(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013
 
Taiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloudTaiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloud
 
(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013
 
Cloud Computing Introduction
Cloud Computing IntroductionCloud Computing Introduction
Cloud Computing Introduction
 
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
 
Elastic stack and cloud native architecture
Elastic stack and cloud native architectureElastic stack and cloud native architecture
Elastic stack and cloud native architecture
 
EMA: Ten Priorities for Hybrid Cloud, Containers and DevOps in 2017
EMA: Ten Priorities for Hybrid Cloud, Containers and DevOps in 2017EMA: Ten Priorities for Hybrid Cloud, Containers and DevOps in 2017
EMA: Ten Priorities for Hybrid Cloud, Containers and DevOps in 2017
 
EMA: Ten Priorities for Hybrid Cloud, Containers and DevOps in 2017
EMA: Ten Priorities for Hybrid Cloud, Containers and DevOps in 2017 EMA: Ten Priorities for Hybrid Cloud, Containers and DevOps in 2017
EMA: Ten Priorities for Hybrid Cloud, Containers and DevOps in 2017
 
HP - Seminário Computação em Nuvem 2011
HP - Seminário Computação em Nuvem 2011HP - Seminário Computação em Nuvem 2011
HP - Seminário Computação em Nuvem 2011
 
Tutorial 4 peter kustor
Tutorial 4 peter kustorTutorial 4 peter kustor
Tutorial 4 peter kustor
 
TUW-ASE Summer 2015: IoT Cloud Systems
TUW-ASE Summer 2015:  IoT Cloud SystemsTUW-ASE Summer 2015:  IoT Cloud Systems
TUW-ASE Summer 2015: IoT Cloud Systems
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Steve Mills - Dispelling the Vapor Around Cloud Computing
Steve Mills - Dispelling the Vapor Around Cloud ComputingSteve Mills - Dispelling the Vapor Around Cloud Computing
Steve Mills - Dispelling the Vapor Around Cloud Computing
 
Fearing the cloud: why the life sciences shouldn't fret
Fearing the cloud: why the life sciences shouldn't fretFearing the cloud: why the life sciences shouldn't fret
Fearing the cloud: why the life sciences shouldn't fret
 

Kürzlich hochgeladen

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Understanding the FAA Part 107 License ..

Cloud Security ("securing the cloud")

  • 1. NGI-4: Cloud. The Technical Foundations of Security and Interoperability. Overview. Vic Winkler, July 2011, Washington, DC. Booz | Allen | Hamilton
  • 2. The Technical Foundations of Security and Interoperability. This presentation is based on my book: “Securing the Cloud: Cloud Computer Security Techniques and Tactics”, Vic Winkler (Elsevier/Syngress, May 2011). Graphics are copyrighted by Elsevier/Syngress 2011. My experiences in designing, implementing and operating the security for “SunGrid” (2004+), “Network.com” (2006+) and “The Sun Public Cloud” (2007+) …and research into best practices in cloud security (2008-2011). Previously, I was a pioneer in network and systems based intrusion detection and designed a B1 trusted Unix system. Graphics copyright Elsevier/Syngress 2011 Booz | Allen | Hamilton 2
  • 3. A Brief, Distorted View of History: Overview. Continuing Technology Evolution.
  • 4. More “Evolution” than “Revolution”. So, what is “cloud”?
  • 5. A Minor Problem With Words… Most common question: Is “cloud” secure?
  • 6. Booz Allen: Cloud Computing “Quick Look” Assessment. The QLA approach analyzes the organization and its potential cloud candidate functions and applications across eight Cloud Computing Factors, providing an in-depth assessment and suitability rating for each: Business/Mission, Technology, Economics, Security, Governance & Policy, IT Management, Organization, Change Management.
  • 7. Cloud: A Model for Computing, A Model for Service Delivery.
    – “Cloud Services”: IT model for service delivery. Expressed, delivered and consumed over the Internet or a private network: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS).
    – “Cloud Computing”: IT model for computing. Environment composed of the IT components necessary to develop and deliver “cloud services”.
  • 8. The Services Stack: Two Perspectives. What about security? …“Confidentiality”, “Integrity” and “Availability”?
  • 9. The NIST Cloud Model
  • 10. Security Concerns?
    – 10. Unknown Risks: Concern that cloud computing brings new classes of risks and vulnerabilities.
    – 9. Control over Data: User data may be commingled with data belonging to others.
    – 8. Legal and Regulatory Compliance: It may be difficult (unrealistic?) to utilize public clouds when data is subject to legal restrictions or regulatory compliance.
    – 7. Disaster Recovery and Business Continuity: Cloud tenants and users require confidence that their operations and services will continue despite a disaster.
    – 6. Security Incidents: Tenants and users need to be informed and supported by a provider.
    – 5. Transparency: Trust in a cloud provider’s security claims entails provider transparency.
    – 4. Cloud Provider Viability: Since cloud providers are relatively new to the business, there are questions about provider viability and commitment.
    – 3. Privacy and Data Concerns with Public or Community Clouds: Data may not remain in the same system, raising multiple legal concerns.
    – 2. User Error: A user may inadvertently leak highly sensitive or classified information into a public cloud.
    – 1. Network Availability: The cloud must be available whenever you need it.
  • 11. Security Concerns: Sensitive Data & Regulatory Compliance
  • 12. Security Concerns: Transparency
  • 13. Security Concerns: Example of Private Cloud Concerns
  • 14. Security Concerns: Trade-Offs
  • 15. Cloud Services are Expressed From Cloud IT Infrastructure
  • 16. Virtualization and Elastic Service Expression
  • 17. Is Organizational Control Good for Security?
  • 18. Scope of Control
  • 19. IaaS, PaaS and SaaS: Data Ownership
  • 20. Organizational Control with Private versus Public
  • 21. Cloud Demands Advanced Management Capabilities (This should benefit security)
  • 22. Planning for Competitive Pricing (…in other words, “cost-effective security”)
  • 23. Planning for Fundamental Changes
  • 24. Patterns are Key for Cloud Infrastructure
  • 25. …Patterns are Key for Cloud Infrastructure
  • 26. …Patterns are Key for Cloud Infrastructure
  • 27. Example: Separate Paths, Separate Networks
  • 28. Example: …Separate Paths, Separate Networks
  • 29. Assessment: Is it “Correct”, “Secure” and Does it Meet Requirements?
  • 30. How Much Assurance?
  • 31. Operationally, How Will You Know?
  • 32. Security Monitoring: A High-Volume Activity
  • 33. Monitoring Really Wants To Be A Near-Real-Time Feedback Loop
  • 34. Beyond Security Monitoring: Integrated Operational Security
  • 35. Example: Security Use for CMDB
  • 36. Defense-in-Depth in Infrastructure
  • 37. What are the BIG Lessons?
    – Provider:
      • Model T approach: Any color the customer wants …as long as it’s “black”. Special requests undercut profits.
      • Plan ahead: Focus on eventual operations costs and on the certainty of change to the infrastructure.
      • Seek to automate almost everything: identify procedures/processes to drive down costs; identify and refine patterns.
      • Segregate information: don’t mix infrastructure management information …with security information …with customer data …etc.
      • Architect for completely separate paths: (Public) (Infrastructure control) (Network device control) (Security management). This entails a differentiated set of networks.
      • Isolate, Isolate, Isolate. Encrypt, Encrypt, Encrypt.
    – Consumer:
      • Who is the provider?
      • What are you really buying? Transparency, independent verification, indemnification?
  • 38. Thank You. Business: Winkler_Joachim@BAH.Com. Personal: Vic@VicWinkler.Com. Phone: 703.622.7111. “Securing the Cloud: Cloud Computer Security Techniques and Tactics”, Vic Winkler (Elsevier/Syngress 2011). Booz | Allen | Hamilton 38
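The "completely separate paths" and "encrypt everything" lessons on slide 37 are the kind of rule a CMDB can enforce (the security use for a CMDB that slide 35 alludes to). The following Python is an added example, not from the presentation or the book: it audits a constructed host inventory and flow list, with hypothetical host names, for hosts bridging path classes, flows crossing them, and cleartext management traffic.

```python
"""Separate-paths audit over a CMDB-style inventory (added example; the
inventory, flows and host names below are constructed for illustration)."""
from collections import namedtuple

# The four path classes named on slide 37.
PUBLIC, INFRA_CONTROL, NETDEV_CONTROL, SEC_MGMT = (
    "public", "infrastructure-control", "network-device-control", "security-management")

Host = namedtuple("Host", "name interfaces")   # interfaces: {ifname: path class}
Flow = namedtuple("Flow", "src dst proto encrypted")


def bridging_hosts(hosts):
    """Hosts with interfaces on more than one path class: one compromised
    host would join networks that are meant to stay isolated."""
    return sorted(h.name for h in hosts if len(set(h.interfaces.values())) > 1)


def cross_path_flows(hosts, flows):
    """Flows whose endpoints share no path class, i.e. traffic that crosses
    the separation the architecture relies on."""
    where = {h.name: set(h.interfaces.values()) for h in hosts}
    return [f for f in flows if where[f.src].isdisjoint(where[f.dst])]


def unencrypted_management(hosts, flows):
    """Any flow touching a non-public (control or management) path that is
    sent in the clear violates the 'Encrypt, Encrypt, Encrypt' rule."""
    where = {h.name: set(h.interfaces.values()) for h in hosts}
    return [f for f in flows
            if not f.encrypted and (where[f.src] | where[f.dst]) - {PUBLIC}]


# Constructed inventory: one deliberately dual-homed host and one bad flow.
HOSTS = [
    Host("web01", {"eth0": PUBLIC}),
    Host("hyp01", {"eth0": INFRA_CONTROL}),
    Host("sw-core", {"mgmt0": NETDEV_CONTROL}),
    Host("siem01", {"eth0": SEC_MGMT}),
    Host("jump01", {"eth0": PUBLIC, "eth1": INFRA_CONTROL}),   # bridges two paths
]
FLOWS = [
    Flow("web01", "web01", "https", True),
    Flow("hyp01", "siem01", "syslog", False),   # crosses paths and is cleartext
    Flow("sw-core", "sw-core", "ssh", True),
    Flow("jump01", "hyp01", "ssh", True),
]


def audit(hosts=HOSTS, flows=FLOWS):
    """Return every violation found, keyed by the slide-37 rule it breaks."""
    return {
        "bridging_hosts": bridging_hosts(hosts),
        "cross_path_flows": [(f.src, f.dst) for f in cross_path_flows(hosts, flows)],
        "cleartext_mgmt": [(f.src, f.dst, f.proto) for f in unencrypted_management(hosts, flows)],
    }


if __name__ == "__main__":
    for rule, hits in audit().items():
        print(f"{rule}: {hits}")
```

Run against a real CMDB export, the same three functions give a standing check that the separation drawn on slides 27 and 28 is still true in the deployed infrastructure.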