• No results found

Addressing Security for Hybrid Cloud

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Addressing Security for Hybrid Cloud"

Copied!
12
0
0

Loading.... (view fulltext now)

Download now ( 12 Page )

Full text

(1)

Addressing Security for Hybrid Cloud

Sreekanth Iyer

Executive IT Architect

IBM Cloud (CTO Office)

Email :

sreek.iyer@in.ibm.com

Twitter: @sreek

Blog:

http://ibm.co/sreek

(2)
(3)

Services

Organization

Security Responsibilities and Objectives

Software as a

Service (SaaS)

CxOs (CIO, CMO,

CHRO, ...)

 Complete visibility to enterprise SaaS usage and risk profiling

 Governance of user access to SaaS and identity federation

Clients’ security objectives reflect their Cloud adoption

Platform as a

Service (PaaS)

Application teams,

LOBs

 Enable developers to compose secure cloud applications and APIs, with

enhanced user experience

 Visibility and protection against fraud and applications threats

Infrastructure as

a Service (IaaS)

CIO, IT teams

 Protect the cloud infrastructure to securely deploy workloads and meet

compliance objectives

 Have full operational visibility across hybrid cloud deployments, and govern

usage

(4)
(5)

… are changing to security centered around applications and data

5

Online Banking

Application

Investment

API Services

Employee

Application

Build and Deliver Apps,

Services (PaaS)

Consume Apps

and Services (SaaS)

Leverage Public Clouds (IaaS)

Trusted Intranet

DMZ

Untrusted Internet

Apps, APIs

Services

(6)

Cloud presents the opportunity to radically transform security practices

Dynamic Cloud Security

Standardized, automated,

agile, and elastic

Traditional Security

Manual, static,

and reactive

(7)

Clients focus on three imperatives for improving security

Detect threats with

visibility across clouds

Govern the

usage of cloud

Protect workloads

and data in the cloud

How can I understand who

is accessing the cloud

from anywhere, at anytime?

How can I fix vulnerabilities

and defend against attacks

before they’re exploited?

How can I obtain a

comprehensive view of cloud

and traditional environments?

“I can take advantage

of centralized cloud

logging and auditing

interfaces to hunt

for attacks.”

“Going to the cloud

gives me a single

choke point for all user

access ‒ it provides

much more control.”

“Cloud gives me

security APIs and

preconfigured policies

to help protect my data

(8)

IaaS: Securing infrastructure and workloads

SaaS: Secure usage of business applications

PaaS: Secure service composition and apps

Bluemix

Client Consumption

Models

Security SaaS

Virtual

Appliances

M

a

n

a

g

e

d

S

e

c

u

rit

y

S

e

rv

ic

e

s

APIs

P

ro

fe

s

s

io

n

a

l S

e

c

u

rit

y

S

e

rv

ic

e

s

Cloud Security Capabilities

Manage Access

Protect Data

Gain Visibility

Protect infrastructure,

applications, and data

from threats

Auditable intelligence

on cloud access,

activity, cost and

compliance

Manage identities

and govern user access

(9)

Examples - Enterprise hybrid cloud adoption requires integrated security

solutions

Manage Access

Protect Data

Gain Visibility

Software as a

service (SaaS)

Enable employees to connect

securely to SaaS

SaaS access governance

Identity federation

Secure connectivity and data

movement to SaaS

Data tokenization

Secure proxy to SaaS

Application control

Monitoring and risk profiling of

enterprise SaaS usage

Monitor SaaS usage

Risk profiling of SaaS apps

Compliance reporting

Platform as a

Service (PaaS)

Integrate identity and access into

services and applications

DevOps access

management

Authentication and

authorization APIs

Build and deploy secure services

and applications

Database encryption

App security scanning

Threat and Fraud protection

Log, audit at service and

application level

Monitor application, services

and platform

Service vulnerabilities

Compliance reporting

Infrastructure

as a Service

(IaaS)

Manage cloud administration and

workload access

Privileged admin

management

Access management of web

workloads

Protect the cloud infrastructure to

securely deploy workloads

Storage encryption

Network protection ‒

firewalls, IPS

Host security, vulnerability

scanning

Security monitoring and

intelligence

Monitor hybrid cloud

infrastructure

Monitor workloads

Log, audit, analysis and

compliance reporting

(10)

IBM Cloud Security

Optimize Security Operations

Manage

Access

Protect

Data

Gain

Visibility

SaaS

PaaS

IaaS

(11)

Securing Cloud – JKE Scenario

(12)

www.ibm.com/security

© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes

only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any

warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and

response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed,

References

Download now ( PDF - 12 Page - 2.27 MB )

Related documents

The European Central Bank and the Euro: The First Year

The creation of the euro and the European Central Bank is a remarkable and unprecedented event in economic and political history: creating a supranational central bank and

PHYSICAL situations concerned with the rate of change

Because of the mathematical and physical properties, the Bratu initial value problems have been studied extensively by many researchers, for example [4] studied a numerical solution

Lesbian motherhood in a Chilean cultural context

The first Study 1’s purpose was to investigate the life course experiences of a group of Chilean lesbian mothers who conceived their children through a previous

Trading Votes for Votes. A Dynamic Theory

The central finding of the paper is a general existence re- sult: there always exists a sequence of payoff-improving trades that leads to a stable vote allocation in finite time,

Causation Delays and Causal Neutralization up to Three Steps Ahead: The Money-Output Relationship Revisited

In models of money supply growth ∆m, output growth ∆y, inflation ∆p, fluctuations in an interest rate ∆r and a rate spread rr, however, we find only one case in which

Aging in Bedford: A community needs assessment

Focus group #4 (N=8) included representatives from the regional transit system, the Veteran’s hospital, the local senior living community, local community college, and

Trade Unions and Industrial Injury in Great Britain

However, the ability for unions to reduce injury rates does not appear to increase monotonically as they progress along a workplace instrumentality continuum from recognition alone to

KP.reader 3-Predictive Stellar Astro

Disease is indicated by the 6' Cusp, 6th house, planets in the constellation of the occupants of the 6th house, the occupants of the &I' house, the planets in the constellation