SlideShare ist ein Scribd-Unternehmen logo

5 Easy Steps to Securing Workloads on Public Clouds

Als PPTX, PDF herunterladen
IBM Security
IBM Security

Cloud security remains a major consideration for projects moving to the cloud. While the topic has become less of an inhibitor to cloud adoption, the growing number of options creates complexity challenges and integration limitations. This webinar will focus on best practices for securing cloud workloads, based on common patterns emerging from customer deployments across a variety of cloud environments. The session will highlight current differences between traditional software security and security in the cloud. It will touch upon emerging capabilities in virtual security products, and it will conclude with a tour of where virtualized security is heading and highlight how it can be stronger and faster than anything we had before. View the full on-demand webcast: http://securityintelligence.com/events/secure-workloads-public-clouds-5-easy-steps/#.VMvUbPMo6Mo

Technologie
1 von 36
© 2012 IBM Corporation IBM Security Systems 1© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds Jeff Hoy Cloud Security Architect IBM Security Systems, CTO Office May 21, 2014
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 2 Please Note IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 3 Share our views about Cloud Security • How cloud is changing security • Impact to your organization 5 Easy Steps to securing workloads • Topology-based options • Detailed examples Looking forward • Trends in cloud direction • Emerging security capabilities Goals of This Webinar 1 2 3
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 4 Speaker Background About Jeff • Cloud Security Architect • IBM Security Systems • CTO Team • 12+ years with IBM • jeffhoy@us.ibm.com Focus Areas: • Cloud Security Enablement • SaaS Security • Hybrid Cloud • Next Generation Cloud Security
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 5 Topic: Securing the Cloud Security in the Cloud
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 6 Services Acquired Organization / Buyers Security Responsibilities and Objectives Software as a Service (SaaS) CxOs (CIO, CMO, CHRO, ...)  Complete visibility to enterprise SaaS usage and risk profiling  Governance of user access to SaaS and identity federation Platform as a Service (PaaS) Application teams, LOBs  Enable developers to compose secure cloud applications and APIs, with enhanced user experience  Visibility and protection against fraud and applications threats Infrastructure as a Service (IaaS) CIO, IT teams  Protect the cloud infrastructure to securely deploy workloads and meet compliance objectives  Have full operational visibility across hybrid cloud deployments, and govern usage Security objectives reflect responsibilities when adopting Cloud
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 7 Trusted Intranet Online Banking Application Employee Application DMZ Untrusted Internet 7 Traditional perimeter based security controls …
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 8 Online Banking Application Investment API Services Employee Application Build and Deliver Apps, Services (PaaS) Consume Apps and Services (SaaS) Leverage Public Clouds (IaaS) Trusted Intranet DMZ Untrusted Internet 8 Apps, APIs Services Traditional perimeter based security controls … … are changing to security centered around applications and interactions
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 9 Cloud Security Capabilities Identity Protection Insight Protect infrastructure, applications, and data from threats Auditable intelligence on cloud access, activity, cost and compliance Manage identities and govern user access IaaS: Securing infrastructure and workloads SaaS: Secure usage of business applications PaaS: Secure service composition and apps Bluemix We see three sets of capabilities to help adopt cloud with confidence
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 10 How will complex environments evolve for your organization?
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 11 Topic: 5 Easy Steps 5 Easy Steps to Securing Workloads on Public Clouds
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 12 Step #1: Basic Security Enablement Traditional on-premise IPS Visibility Data Security Scanning TLSFirewalls SOA Appliance Endpoint Mgmt User Admin Public cloud-based IPS Data Security Scanning TLSFirewalls SOA Appliance Endpoint Mgmt User Admin Same principles apply Visibility
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 13 Monitor & manage security posture Configure application centric security policies Provision secure cloud infrastructure User Access Customer Application Network Protection Cloud Admins Security Team Application Team Enterprise Roles Service users Securely Access Cloud services Security Intelligence Data Security Example #1: Securing Workloads on Cloud Infrastructure (IaaS) EXAMPLE
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 14 Step #2: Pattern-Based Security IPS Data Security Scanning TLSFirewalls SOA Appliance Endpoint Mgmt Visibility System Template Pattern Engine Preconfigured Systems Customize
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 15 Example #2: Secure Image Deployment Virtual Image • Apache HTTP Server • WebSphere Liberty • Banking EJB • IBM Access Manager • IBM Identity Manager • Restrictive Firewalls • Endpoint Manager • Disk encryption • Credential Vault Deploy Images Update Images • IP Address • Hostname • Credentials, etc Production System EXAMPLE
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 16 Shared Security Services REST APIs  Identity as a Service  Log Management & Audit  App and Vulnerability Testing Security Policy Management for Cloud Step #3: Automation-Enabled Pattern & Policy-driven Approaches
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 17 Example #3: Pattern-Based Access Management Security Web Gateway Web Application 1 2 3 4 56 78 9 10 Environment Components 1. QRadar vSys Pattern 2. External ISAM Appliance 3. ISAM Log Integration 4. WebSEAL Reverse Proxy 5. Application vSys Pattern 6. Application TAI + Junction 7. Consolidated Logbackup 8. SQL Injection Attack 9. Application Response 10. QRadar threat console EXAMPLE
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 18 Ceilometer Usage / Performance Monitoring + Auditing “Datastores” Core API Layer “Filter” audits all Open Stack API calls CADF AWS CloudTrail OpenStack Audit (CADF) Workloads deployed in private virtual Environments Public Cloud Services Step #4: Integrated Intelligence across Hybrid Cloud
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 19 Example #4: Security Intelligence for Virtual Infrastructure Business challenge: • Improved security and visibility into virtual Infrastructures • Better visibility into logs coming from their sensors across the environment • Support ad hoc search across large data Solution: • Scales to large volumes • User friendly reporting • Quick search and review of logs • Reasonable cost of ownership SaaS applications Infrastructure as a Service Security Intelligence for Hybrid Cloud 19 Virtualized data center EXAMPLE
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 20 Administrator / app owner End users Shared Security Services (Security from the Cloud) REST APIs  Identity as a Service  Log Management & Audit  App and Vulnerability Testing • API enable and standup key products as shared cloud services • Multi-tenancy Step #5: Leverage Security SaaS
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 21 Example #5: SaaS Security Usage in Your Environment EXAMPLE
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 22 Topic: Looking Forward Cloud Security Trends
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 23 IBM SECURITY SYSTEMS :: IBM Confidential :: ©2013 IBM Corporation Dynamic Analysis Interactive Analysis Mobile App Analysis Static Analysis Application Security Management Inventory assets Assess business impact Measure status & progress Prioritize vulnerabilities Determine compliance DEV OPS Dynamic Analysis Database monitoring Security Intelligence SIEM Network Activity Monitoring Vulnerability Mgmt Log Mgmt Network Protection Fraud Protection AppScan QRadar Guardium SiteProtetor/ IPS Trusteer Security Across the Cloud DevOps lifecycle
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 24 DMZ Trusted Intranet Online banking application Online Banking Application Migrating Online Application to off-premise cloud Traditional Data Center End UsersDomain Specialized Developer Infrastructure Operations Security & Compliance Manager Cloud Application Zone Active Protection – Typical Scenario
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 25 Access Application 4 Deploy App Provision workload and security components 2 Online Banking App Workload Box IBM Access Manager IBM QRadar SIEM Web App DBWeb App DB 2 1 Config & Automation 3 Secure Application Demo Available - User Access Management, Web Application Protection, Log Management, Security Intelligence Cloud Application Zone Active Protection - Solution Overview
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 26 • Data security as a virtual appliance deployed on the Cloud • Data activity monitoring across hybrid clouds – virtualized and public clouds • Provides vulnerability assessments of data systems • Encrypts and masks sensitive data when used by privileged users Data is… • Leaving the data center • Stored on shared drives and cloud infrastructure • Hosted by 3rd party • Managed by 3rd party Data Protection Business Challenge: Solution: 26 Virtualized data center IBM InfoSphere Guardium Encryption Masking 123 XJE Activity Monitoring Activity Monitoring Vulnerability Assessment Vulnerability Assessment Structured & Unstructured Data Cloud ready data security and privacy on the cloud
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 27 Today Announcements Delivering security from the cloud: Solutions to protect cloud workloads: Identity-as-a-Service beta for the IBM Cloud Platform Security Optimization & Threat Monitoring QRadar optimizations for cloud Enhanced Virtual Threat Protection IBM leads with enterprise-grade cloud security
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 28 Cloud creates opportunities for enhanced security 5 Easy steps to securing workloads 1. Basic Enablement 2. Pattern-Based Security 3. Automated Integration 4. Hybrid Cloud Security 5. Leveraging SaaS Going forward • Direction of the cloud • Emerging security capabilities Summary 1 2 3
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 29 Key Cloud Resources IBM Best Cloud Computing Security IBM Research and Papers  Special research concentration in cloud security, including white Papers, Redbooks, Solution Brief – Cloud Security IBM X-Force  Proactive counter intelligence and public education http://www-03.ibm.com/security/xforce/ IBM Institute for Advanced Security  Cloud Security Zone and Blog (Link) Customer Case Study  EXA Corporation creates a secure and resilient private cloud (Link) Collateral Sales Support:  NEW IBM Cloud Security Strategy and Community connections page (Link)  NEW Internal IBM SWG Sellers Workplace – Cloud Security Collateral - (Link)  SmartCloud Security Solutions Sales Kit – (Link) Other Links:  IBM Media series – SEI Cloud Security (Link)  External IBM.COM : IBM Security Solutions (Link)  External IBM.COM : IBM SmartCloud– security (Link)  IBM SmartCloud security video (Link)
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 30 Questions? We Value Your Feedback!
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 31 Backup
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 32 Insight Establish intelligence across enterprise and cloud •QRadar SIEM QRadar Log Manager QRadar Forensics rotection Protect data, applications and infrastructure from threats and risks Data & Application • IBM InfoSphere Guardium • IBM Security AppScan • IBM WebSphere DataPower Infrastructure • IBM Security Network Protection • IBM Security Trusteer • IBM Endpoint Manager Protection Protect data, applications and infrastructure from threats and risks Identity Manage users and their access to cloudand access Identity • Identity Service - Beta • IBM Security Access Manager • IBM Security Privileged Identity Manager Identity Manage users and their access to cloud Intelligent Security for the Cloud
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 33  AppScan Mobile Analyzer – Ability to upload Android APKs to the cloud for an IAST (interactive application security scan) • Service available through the BlueMix catalog • Upload an APK and receive a security PDF report • Public APIs to integrate to 3rd party • Environment deployed on SoftLayer  AppScan DAST on BlueMix – Run a DAST scan on web application deployed on BlueMix • Service available through the BlueMix catalog • Almost zero configuration (User Name/Password) • Public APIs to integrate to 3rd party • Environment deployed on SoftLayer AppScan Service & APIs from Bluemix
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 34 Cloud software delivery as virtual appliances Security Software Security capabilities as virtual appliances. They should be available as shared services through APIs. Delivering security capabilities as virtual appliances will enable -Security enforcement ‘near’ workloads and in software defined environments - Protection within on-premise virtual environments or hosted clouds
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 35 Administrator / app owner End users Shared Security Services (Security from the Cloud) REST APIs  Identity as a Service  Log Management & Audit  App and Vulnerability Testing • API enable and standup key products as shared cloud services • Multi-tenancy Applications require easy-to-use, API-based services
© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 36 DMZ Trusted Intranet Demo Scenario - Visibility to hybrid cloud application Jane Andrew Public Cloud Services Provision infrastructure Deploy App Private Cloud Services Fred Customers Monitor Usage & Security of the Environments Access App Reverse Proxy Load balance Gateway Cloudburst

Empfohlen

Security automation
Security automationSecurity automation
Security automationHexis Cyber Solutions
 
Securing the Automation of Application Deployment with UrbanCode Deploy
Securing the Automation of Application Deployment with UrbanCode DeploySecuring the Automation of Application Deployment with UrbanCode Deploy
Securing the Automation of Application Deployment with UrbanCode DeployIBM UrbanCode Products
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...CloudPassage
 
2012: Putting your robots to work: security automation at Twitter
2012: Putting your robots to work: security automation at Twitter2012: Putting your robots to work: security automation at Twitter
2012: Putting your robots to work: security automation at TwitterNeil Matatall
 
Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationAchieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationTripwire
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - OverviewSai Kesavamatham
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWSAmazon Web Services
 
2016-08-29 AFITC Security Automation
2016-08-29 AFITC Security Automation2016-08-29 AFITC Security Automation
2016-08-29 AFITC Security AutomationShawn Wells
 

Empfohlen

Security automation
Security automationSecurity automation
Security automationHexis Cyber Solutions
 
Securing the Automation of Application Deployment with UrbanCode Deploy
Securing the Automation of Application Deployment with UrbanCode DeploySecuring the Automation of Application Deployment with UrbanCode Deploy
Securing the Automation of Application Deployment with UrbanCode DeployIBM UrbanCode Products
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...CloudPassage
 
2012: Putting your robots to work: security automation at Twitter
2012: Putting your robots to work: security automation at Twitter2012: Putting your robots to work: security automation at Twitter
2012: Putting your robots to work: security automation at TwitterNeil Matatall
 
Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationAchieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationTripwire
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - OverviewSai Kesavamatham
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWSAmazon Web Services
 
2016-08-29 AFITC Security Automation
2016-08-29 AFITC Security Automation2016-08-29 AFITC Security Automation
2016-08-29 AFITC Security AutomationShawn Wells
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsIBM Security
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...IBM Security
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIBM Security
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...IBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...IBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackIBM Security
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationIBM Security
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?IBM Security
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA IBM Security
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident ResponseIBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Weitere ähnliche Inhalte

Mehr von IBM Security

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsIBM Security
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...IBM Security
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIBM Security
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...IBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...IBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackIBM Security
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationIBM Security
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?IBM Security
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident ResponseIBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 

Mehr von IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 

Kürzlich hochgeladen

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Kürzlich hochgeladen (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

5 Easy Steps to Securing Workloads on Public Clouds

  • 1. © 2012 IBM Corporation IBM Security Systems 1© 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds Jeff Hoy Cloud Security Architect IBM Security Systems, CTO Office May 21, 2014
  • 2. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 2 Please Note IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
  • 3. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 3 Share our views about Cloud Security • How cloud is changing security • Impact to your organization 5 Easy Steps to securing workloads • Topology-based options • Detailed examples Looking forward • Trends in cloud direction • Emerging security capabilities Goals of This Webinar 1 2 3
  • 4. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 4 Speaker Background About Jeff • Cloud Security Architect • IBM Security Systems • CTO Team • 12+ years with IBM • jeffhoy@us.ibm.com Focus Areas: • Cloud Security Enablement • SaaS Security • Hybrid Cloud • Next Generation Cloud Security
  • 5. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 5 Topic: Securing the Cloud Security in the Cloud
  • 6. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 6 Services Acquired Organization / Buyers Security Responsibilities and Objectives Software as a Service (SaaS) CxOs (CIO, CMO, CHRO, ...)  Complete visibility to enterprise SaaS usage and risk profiling  Governance of user access to SaaS and identity federation Platform as a Service (PaaS) Application teams, LOBs  Enable developers to compose secure cloud applications and APIs, with enhanced user experience  Visibility and protection against fraud and applications threats Infrastructure as a Service (IaaS) CIO, IT teams  Protect the cloud infrastructure to securely deploy workloads and meet compliance objectives  Have full operational visibility across hybrid cloud deployments, and govern usage Security objectives reflect responsibilities when adopting Cloud
  • 7. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 7 Trusted Intranet Online Banking Application Employee Application DMZ Untrusted Internet 7 Traditional perimeter based security controls …
  • 8. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 8 Online Banking Application Investment API Services Employee Application Build and Deliver Apps, Services (PaaS) Consume Apps and Services (SaaS) Leverage Public Clouds (IaaS) Trusted Intranet DMZ Untrusted Internet 8 Apps, APIs Services Traditional perimeter based security controls … … are changing to security centered around applications and interactions
  • 9. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 9 Cloud Security Capabilities Identity Protection Insight Protect infrastructure, applications, and data from threats Auditable intelligence on cloud access, activity, cost and compliance Manage identities and govern user access IaaS: Securing infrastructure and workloads SaaS: Secure usage of business applications PaaS: Secure service composition and apps Bluemix We see three sets of capabilities to help adopt cloud with confidence
  • 10. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 10 How will complex environments evolve for your organization?
  • 11. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 11 Topic: 5 Easy Steps 5 Easy Steps to Securing Workloads on Public Clouds
  • 12. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 12 Step #1: Basic Security Enablement Traditional on-premise IPS Visibility Data Security Scanning TLSFirewalls SOA Appliance Endpoint Mgmt User Admin Public cloud-based IPS Data Security Scanning TLSFirewalls SOA Appliance Endpoint Mgmt User Admin Same principles apply Visibility
  • 13. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 13 Monitor & manage security posture Configure application centric security policies Provision secure cloud infrastructure User Access Customer Application Network Protection Cloud Admins Security Team Application Team Enterprise Roles Service users Securely Access Cloud services Security Intelligence Data Security Example #1: Securing Workloads on Cloud Infrastructure (IaaS) EXAMPLE
  • 14. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 14 Step #2: Pattern-Based Security IPS Data Security Scanning TLSFirewalls SOA Appliance Endpoint Mgmt Visibility System Template Pattern Engine Preconfigured Systems Customize
  • 15. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 15 Example #2: Secure Image Deployment Virtual Image • Apache HTTP Server • WebSphere Liberty • Banking EJB • IBM Access Manager • IBM Identity Manager • Restrictive Firewalls • Endpoint Manager • Disk encryption • Credential Vault Deploy Images Update Images • IP Address • Hostname • Credentials, etc Production System EXAMPLE
  • 16. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 16 Shared Security Services REST APIs  Identity as a Service  Log Management & Audit  App and Vulnerability Testing Security Policy Management for Cloud Step #3: Automation-Enabled Pattern & Policy-driven Approaches
  • 17. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 17 Example #3: Pattern-Based Access Management Security Web Gateway Web Application 1 2 3 4 56 78 9 10 Environment Components 1. QRadar vSys Pattern 2. External ISAM Appliance 3. ISAM Log Integration 4. WebSEAL Reverse Proxy 5. Application vSys Pattern 6. Application TAI + Junction 7. Consolidated Logbackup 8. SQL Injection Attack 9. Application Response 10. QRadar threat console EXAMPLE
  • 18. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 18 Ceilometer Usage / Performance Monitoring + Auditing “Datastores” Core API Layer “Filter” audits all Open Stack API calls CADF AWS CloudTrail OpenStack Audit (CADF) Workloads deployed in private virtual Environments Public Cloud Services Step #4: Integrated Intelligence across Hybrid Cloud
  • 19. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 19 Example #4: Security Intelligence for Virtual Infrastructure Business challenge: • Improved security and visibility into virtual Infrastructures • Better visibility into logs coming from their sensors across the environment • Support ad hoc search across large data Solution: • Scales to large volumes • User friendly reporting • Quick search and review of logs • Reasonable cost of ownership SaaS applications Infrastructure as a Service Security Intelligence for Hybrid Cloud 19 Virtualized data center EXAMPLE
  • 20. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 20 Administrator / app owner End users Shared Security Services (Security from the Cloud) REST APIs  Identity as a Service  Log Management & Audit  App and Vulnerability Testing • API enable and standup key products as shared cloud services • Multi-tenancy Step #5: Leverage Security SaaS
  • 21. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 21 Example #5: SaaS Security Usage in Your Environment EXAMPLE
  • 22. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 22 Topic: Looking Forward Cloud Security Trends
  • 23. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 23 IBM SECURITY SYSTEMS :: IBM Confidential :: ©2013 IBM Corporation Dynamic Analysis Interactive Analysis Mobile App Analysis Static Analysis Application Security Management Inventory assets Assess business impact Measure status & progress Prioritize vulnerabilities Determine compliance DEV OPS Dynamic Analysis Database monitoring Security Intelligence SIEM Network Activity Monitoring Vulnerability Mgmt Log Mgmt Network Protection Fraud Protection AppScan QRadar Guardium SiteProtetor/ IPS Trusteer Security Across the Cloud DevOps lifecycle
  • 24. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 24 DMZ Trusted Intranet Online banking application Online Banking Application Migrating Online Application to off-premise cloud Traditional Data Center End UsersDomain Specialized Developer Infrastructure Operations Security & Compliance Manager Cloud Application Zone Active Protection – Typical Scenario
  • 25. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 25 Access Application 4 Deploy App Provision workload and security components 2 Online Banking App Workload Box IBM Access Manager IBM QRadar SIEM Web App DBWeb App DB 2 1 Config & Automation 3 Secure Application Demo Available - User Access Management, Web Application Protection, Log Management, Security Intelligence Cloud Application Zone Active Protection - Solution Overview
  • 26. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 26 • Data security as a virtual appliance deployed on the Cloud • Data activity monitoring across hybrid clouds – virtualized and public clouds • Provides vulnerability assessments of data systems • Encrypts and masks sensitive data when used by privileged users Data is… • Leaving the data center • Stored on shared drives and cloud infrastructure • Hosted by 3rd party • Managed by 3rd party Data Protection Business Challenge: Solution: 26 Virtualized data center IBM InfoSphere Guardium Encryption Masking 123 XJE Activity Monitoring Activity Monitoring Vulnerability Assessment Vulnerability Assessment Structured & Unstructured Data Cloud ready data security and privacy on the cloud
  • 27. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 27 Today Announcements Delivering security from the cloud: Solutions to protect cloud workloads: Identity-as-a-Service beta for the IBM Cloud Platform Security Optimization & Threat Monitoring QRadar optimizations for cloud Enhanced Virtual Threat Protection IBM leads with enterprise-grade cloud security
  • 28. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 28 Cloud creates opportunities for enhanced security 5 Easy steps to securing workloads 1. Basic Enablement 2. Pattern-Based Security 3. Automated Integration 4. Hybrid Cloud Security 5. Leveraging SaaS Going forward • Direction of the cloud • Emerging security capabilities Summary 1 2 3
  • 29. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 29 Key Cloud Resources IBM Best Cloud Computing Security IBM Research and Papers  Special research concentration in cloud security, including white Papers, Redbooks, Solution Brief – Cloud Security IBM X-Force  Proactive counter intelligence and public education http://www-03.ibm.com/security/xforce/ IBM Institute for Advanced Security  Cloud Security Zone and Blog (Link) Customer Case Study  EXA Corporation creates a secure and resilient private cloud (Link) Collateral Sales Support:  NEW IBM Cloud Security Strategy and Community connections page (Link)  NEW Internal IBM SWG Sellers Workplace – Cloud Security Collateral - (Link)  SmartCloud Security Solutions Sales Kit – (Link) Other Links:  IBM Media series – SEI Cloud Security (Link)  External IBM.COM : IBM Security Solutions (Link)  External IBM.COM : IBM SmartCloud– security (Link)  IBM SmartCloud security video (Link)
  • 30. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 30 Questions? We Value Your Feedback!
  • 31. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 31 Backup
  • 32. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 32 Insight Establish intelligence across enterprise and cloud •QRadar SIEM QRadar Log Manager QRadar Forensics rotection Protect data, applications and infrastructure from threats and risks Data & Application • IBM InfoSphere Guardium • IBM Security AppScan • IBM WebSphere DataPower Infrastructure • IBM Security Network Protection • IBM Security Trusteer • IBM Endpoint Manager Protection Protect data, applications and infrastructure from threats and risks Identity Manage users and their access to cloudand access Identity • Identity Service - Beta • IBM Security Access Manager • IBM Security Privileged Identity Manager Identity Manage users and their access to cloud Intelligent Security for the Cloud
  • 33. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 33  AppScan Mobile Analyzer – Ability to upload Android APKs to the cloud for an IAST (interactive application security scan) • Service available through the BlueMix catalog • Upload an APK and receive a security PDF report • Public APIs to integrate to 3rd party • Environment deployed on SoftLayer  AppScan DAST on BlueMix – Run a DAST scan on web application deployed on BlueMix • Service available through the BlueMix catalog • Almost zero configuration (User Name/Password) • Public APIs to integrate to 3rd party • Environment deployed on SoftLayer AppScan Service & APIs from Bluemix
  • 34. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 34 Cloud software delivery as virtual appliances Security Software Security capabilities as virtual appliances. They should be available as shared services through APIs. Delivering security capabilities as virtual appliances will enable -Security enforcement ‘near’ workloads and in software defined environments - Protection within on-premise virtual environments or hosted clouds
  • 35. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 35 Administrator / app owner End users Shared Security Services (Security from the Cloud) REST APIs  Identity as a Service  Log Management & Audit  App and Vulnerability Testing • API enable and standup key products as shared cloud services • Multi-tenancy Applications require easy-to-use, API-based services
  • 36. © 2014 IBM Corporation 5 Easy Steps to Securing Workloads on Public Clouds 36 DMZ Trusted Intranet Demo Scenario - Visibility to hybrid cloud application Jane Andrew Public Cloud Services Provision infrastructure Deploy App Private Cloud Services Fred Customers Monitor Usage & Security of the Environments Access App Reverse Proxy Load balance Gateway Cloudburst