Agenda
About RSA
Virtualization and Cloud Computing (definitions)
RSA / EMC: our experience with cloud
Virtualization and Cloud: Risks, Security and Compliance
Virtualization and Cloud: RSA security solutions
How?
How We Do It
Identity Security
Authentication: SecurID, Adaptive Authentication, Authentication Manager Express
Data Security
Data Loss Prevention: DLP, Cisco IronPort, Network Partners, Endpoint Partners
Access / Provision: Access Manager, Federated Identity Manager
Fraud Prevention: FraudAction, Transaction Monitoring, eFraud Network
Market position: Authentication (1st), Data Loss Prevention (Leader), Web Fraud Detection (Leader), SIEM (Leader), eGRC
How We Do It
(Diagram: RSA Archer; Analyze / Discover (Data, Threats); Enforce Controls; RSA enVision)
Identity Security: Authentication, Access / Provision, Fraud Prevention
Data Security: Data Loss Prevention, Encryption & Tokenization
The Opportunity
Enterprise IT Has Many Challenges
Enterprise IT: Complex, Expensive, Inflexible, Siloed
The Public Cloud Has Broad Appeal
Public Cloud: Simple, Low Cost, Flexible, Dynamic
(Diagram: Infrastructure; Private Cloud; Public Cloud)
70% Will Spend More On Private Cloud through 2012
- Gartner DC Conference 2009
Federation, GRC
Infrastructure-as-a-Service
(Diagram: Infrastructure; Hybrid Cloud)
(Chart: journey to the cloud, stages Business Production and IT-As-A-Service; Improve Quality Of Service 85% / 70%; Improve Agility 95%; 30% / 15%; service tiers Platinum, Gold)
Visibility into virtualization infrastructure, privileged user monitoring, access management, network security
Security Compliance: information-centric security, risk-driven policies, IT and security operations alignment
We are on the way to a private cloud (over 75% virtualized). We use public cloud applications (e.g. CRM). VCE (VMware, Cisco, EMC).
We are members of the CSA (Cloud Security Alliance). We introduced the Cloud Trust Authority solution.
(Timeline: 2004-08, 2009-10, 2011+; stages Business Production, Quality of service, IT-as-a-Service, Agility)
Deliver IT as a Service
Define Service Catalog, Publish to Self-service IT Portal
Policy/SLA-driven Management
Availability: 99.99%
Security: High
Performance: 0.2ms
Cost: $500K
Self-Service IT Portal
EMC UIM
www.EMC.com/emcit
NIST: Guidelines on Security and Privacy in Public Cloud Computing (SP 800-144, Draft)
Enterprise IT: Trusted, Controlled, Reliable, Secure
Private Cloud
Public Cloud: Simple, Low Cost, Flexible, Dynamic
Virtualization
Infrastructure
Trust
SLA: Availability 99.99%, Security High, Performance 0.2ms, Cost $500K
(Diagram: Company A with DMZ, HR, ERP; Virtual Datacenter 2 with Test, Dev; layers Physical security, Network security, Cloud security)
Enterprise IT
Private Cloud
Public Cloud
Virtualization
Infrastructure
Trust = SLA?
SLA: Availability 99.99%, Security High, Performance 0.2ms, Cost $500K
Enterprises
Private Cloud
Hybrid Cloud
Public Cloud
https://cloudsecurityalliance.org/
Questions to ask a cloud provider:
Do you allow tenants to view your SAS70 Type II / SSAE 16 SOC2 / ISAE3402 or similar third-party audit reports?
Do you permit tenants to perform independent vulnerability assessments?
Do you support secure deletion (e.g. degaussing / cryptographic wiping) of archived data as determined by the tenant?
Do you have controls in place to prevent data leakage or intentional/accidental compromise between tenants in a multi-tenant environment?
Do you have a DLP solution in place for all systems which interface with your cloud service offering?
Do you provide security control health data in order to allow tenants to implement industry-standard Continuous Monitoring (which allows continual tenant validation of your physical and logical control status)?
Do you have documented information security baselines for every component of your infrastructure (e.g. hypervisors, operating systems, routers, DNS servers, etc.)?
Do you have a capability to continuously monitor and report the compliance of your infrastructure against your information security baselines?
Do you provide tenants with documentation on how you maintain segregation of duties within your cloud service offering?
Do you encrypt tenant data at rest (on disk/storage) within your environment? Do you maintain key management procedures?
Do you publish a roles and responsibilities document specifying what you vs. your tenants are responsible for during security incidents?
Does your security information and event management (SIEM) system merge data sources (application logs, firewall logs, IDS logs, physical access logs, etc.) for granular analysis and alerting?
Can I ensure my virtualized business-critical applications are running in a secure and compliant environment?
How do I centrally manage compliance across mixed VMware and physical IT environments?
Can I respond more quickly to security events in my virtual environment?
How do I begin to assess hybrid and public cloud service providers?
Is it secure? And is it compliant?
The usual answer from the IT operator: YES!
We take security very seriously. We have implemented lots of firewalls. We comply with the law. We passed the audit.
Can you see inside?
Where is your data, who accessed it, what happened?
Can you prove / report it?
Secure multi-tenancy, verifiable chain of trust
Security Compliance: information-centric security, risk-driven policies, IT and security operations alignment
Visibility into virtualization infrastructure, privileged user monitoring, access management, network security
VMware Cloud
Identity Security: Authentication, Access / Provision, Fraud Prevention
Data Security: Data Loss Prevention, Encryption & Tokenization
(Diagram: RSA enVision log management for VMware vCenter & ESX(i); VMware View clients with RSA SecurID; RSA DLP; Active Directory)
RSA enVision scenarios: Lost Laptop; Unauthorized Administrator
Scenario
Test Environment: HR Application Server VM, HR Database Server VM (HRDB: Name, SSN, DoB, etc.)
A common way to apply patches is to try them out in a test environment. This is difficult and time-consuming in a production environment, but very easy in a virtual environment: in a virtual world you can clone the system, data and all.
1. Clone the VM
2. Test the patch in the test environment
3. Apply the patch to the production environment
Is this an authorized procedure? Who accessed the test environment? Is the data in the test environment sufficiently protected & controlled? Was the test environment destroyed after it was used?
Scenario (continued): Patch Applied
(Diagram: Test Environment with HR Application Server VM and HR Database Server VM (HRDB: Name, SSN, DoB, etc.); RSA enVision)
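The four questions the scenario raises (authorized? who accessed it? is the copied data protected? was the clone destroyed afterwards?) are exactly what a SIEM rule over vCenter events can answer, since every clone, power-on and removal of a VM is logged with the user who did it. The following is an added example, not RSA or VMware code: a Python audit over a constructed vCenter-style event stream. The event type names follow the vSphere event model (VmClonedEvent, VmPoweredOnEvent, VmRemovedEvent), but the pipe-separated line format, the VM and user names, the "controlled" location, the approved-clone list and the 48-hour lifetime limit are all assumptions made for this example.

```python
"""Audit 'clone a production VM into test' from vCenter-style events.

Added example; the sample events below are constructed, not captured.
"""
import re
from datetime import datetime, timedelta

# Assumed policy inputs (in practice: CMDB tags and change-management records).
SENSITIVE_VMS = {"hr-db-prod"}                    # carries HRDB: Name, SSN, DoB
CONTROLLED_LOCATIONS = {"Prod-HR"}                # where that data may live
APPROVED_CLONES = {("hr-app-prod", "VSPHERE\\jdoe")}  # (source VM, user) with a ticket
MAX_CLONE_LIFETIME = timedelta(hours=48)

# Constructed sample stream: timestamp | event type | user | message.
SAMPLE_EVENTS = """\
2011-03-14T22:03:41Z|VmClonedEvent|VSPHERE\\jdoe|Clone of hr-db-prod completed to hr-db-test in Test-Dev
2011-03-14T22:04:10Z|VmPoweredOnEvent|VSPHERE\\jdoe|hr-db-test on host esx-test-01 in Test-Dev is powered on
2011-03-14T22:05:02Z|VmClonedEvent|VSPHERE\\jdoe|Clone of hr-app-prod completed to hr-app-test in Test-Dev
2011-03-15T09:12:33Z|VmPoweredOffEvent|VSPHERE\\msmith|hr-app-test on host esx-test-01 in Test-Dev is powered off
2011-03-15T09:12:50Z|VmRemovedEvent|VSPHERE\\msmith|Removed hr-app-test on esx-test-01 from Test-Dev
2011-03-17T18:41:02Z|VmPoweredOnEvent|VSPHERE\\rlee|hr-db-test on host esx-test-01 in Test-Dev is powered on
"""

CLONE_RE = re.compile(r"Clone of (\S+) completed to (\S+) in (\S+)")
REMOVED_RE = re.compile(r"Removed (\S+) on")
POWER_RE = re.compile(r"^(\S+) on host")


def parse_events(text):
    """Split the constructed log into (timestamp, type, user, message) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, etype, user, msg = line.split("|", 3)
            events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), etype, user, msg))
    return events


def audit_clones(events, now, max_lifetime=MAX_CLONE_LIFETIME):
    """Return findings for clones of sensitive VMs: authorization, data location,
    who else used the clone, and whether it was destroyed within the limit."""
    findings, clones = [], {}
    for ts, etype, user, msg in events:
        if etype == "VmClonedEvent":
            src, dst, loc = CLONE_RE.search(msg).groups()
            clones[dst] = {"source": src, "by": user, "at": ts, "users": {user}, "removed_at": None}
            if src in SENSITIVE_VMS:
                if (src, user) not in APPROVED_CLONES:
                    findings.append(f"UNAUTHORIZED: {user} cloned sensitive VM {src} to {dst} with no change ticket")
                if loc not in CONTROLLED_LOCATIONS:
                    findings.append(f"UNPROTECTED: {dst} carries {src} data but landed in {loc}")
        elif etype == "VmRemovedEvent":
            m = REMOVED_RE.search(msg)
            if m and m.group(1) in clones:
                clones[m.group(1)]["removed_at"] = ts
        elif etype.startswith("VmPowered"):
            m = POWER_RE.match(msg)
            if m and m.group(1) in clones:
                clones[m.group(1)]["users"].add(user)   # records who touched the clone
    for dst, c in clones.items():
        if c["source"] not in SENSITIVE_VMS:
            continue
        others = sorted(c["users"] - {c["by"]})
        if others:
            findings.append(f"ACCESS: {dst} was also used by {', '.join(others)}")
        end = c["removed_at"] or now
        if end - c["at"] > max_lifetime:
            state = "destroyed" if c["removed_at"] else "still exists"
            findings.append(f"RETENTION: {dst} lived {end - c['at']} ({state}), limit {max_lifetime}")
    return findings


def run_sample(now_iso="2011-03-18T09:00:00Z"):
    """Audit the constructed stream as of the given (assumed) review time."""
    now = datetime.strptime(now_iso, "%Y-%m-%dT%H:%M:%SZ")
    return audit_clones(parse_events(SAMPLE_EVENTS), now)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

On the constructed stream the clone of hr-app-prod passes every check (a ticket exists, the VM holds no sensitive data, and it was removed within 48 hours), while hr-db-test produces all four findings the slide asks about: no ticket, sensitive data in an uncontrolled location, use by a second administrator, and no removal event. The same logic works on any event source that records actor, action and object; the vCenter event types are just a convenient example of one.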
RSA SecurBook
RSA enVision collects, analyzes and feeds security incidents from RSA, VMware and ecosystem products to inform Archer dashboards
(Diagram: RSA enVision feeds VI Configuration Measurement and VMware-specific Controls into RSA Archer eGRC, with dashboards for CxO, VI Admin and Project Manager)
Cloud Security Alliance guidance domains:
Cloud Architecture
Governance and Enterprise Risk Management
Legal and Electronic Discovery
Compliance and Audit
Information Lifecycle Management
Portability and Interoperability
Security, Business Continuity, and Disaster Recovery
Data Center Operations
Incident Response, Notification, Remediation
Application Security
Encryption and Key Management
Virtualization
Identity and Access Management
Visibility: Compliance, Governance, Risk Management
Enterprise IT
Private Cloud
Public Cloud: Cloud provider A, Cloud provider D
Virtualization
Infrastructure
SLA: Availability 99.99%, Security High, Performance 0.2ms, Cost $500K
Can you see inside?
Can you prove / report it?
More Information
Information on RSA solutions for virtualization and cloud: www.rsa.com/rsavirtualization
Introductory demo: http://www.rsa.com/experience/virtual/RSA_Virtual_Journey.html
Solutions for VMware: http://www.rsa.com/node.aspx?id=3684
Solutions for Cloud (again built on virtualization): http://www.rsa.com/node.aspx?id=1130
Solutions for VMware View: http://www.rsa.com/node.aspx?id=1334
RSA SecurBooks document the solution architecture, solution deployment and configuration guides, operational guidance for effectively using the solution, and troubleshooting guidance.
More Information
www.rsa.com/rsavirtualization
RSA SecurBooks: technical guides for deploying and operating RSA solutions
Join us for Webcasts: EMC Solutions for VMware Webcasts, every Thursday at 11:00 AM ET
http://mediazone.brighttalk.com/comm/ISC2/a7082f81e6-17335-2838-18812
Questions/Feedback/Discussion
RSA Contacts: Ivan Svoboda: Key Account Manager ivan.svoboda@rsa.com + 420 604 293 394
www.rsa.com/securecloud
Thank you!