Produced in cooperation with:
HP Technology Forum & Expo 2009
© 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Securing Cloud Services
John Rhoton
Distinguished Technologist
HP EDS CTO Office
June 2009
Agenda
• Overview of Cloud
• Security benefits
• Security challenges
• HP Solutions
So, What is Cloud Computing?
The 451 Group: “The cloud is IT as a Service, delivered by IT resources that are independent of location”
Gartner: “Cloud computing is a style of computing where massively scalable IT-related capabilities are provided ‘as a service’ across the Internet to multiple external customers”
Forrester: “A pool of abstracted, highly scalable, and managed infrastructure capable of hosting end-customer applications and billed by consumption”
Wikipedia: “A style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure "in the cloud" that supports them.”
“A large pool of easily usable and accessible virtualized resources (such as hardware, development platforms and/or services). These resources can be dynamically reconfigured to adjust to a variable load (scale), allowing also for an optimum resource utilization. This pool of resources is typically exploited by a pay-per-use model in which guarantees are offered by the Infrastructure Provider by means of customized SLAs.”
Vaquero, Rodero-Merino, Caceres, Lindner
Cloud Attributes
• Off-premise
• Outside Firewall
• Delivered over Internet
• Available on Demand
• Scalable
• Elastic
• Utility billed
• Multi-tenant
• Virtualised
• Available as Service
• Location independent
• SOA?
• Grid?
• Web 2.0?
Private versus Public Cloud
Innovation & Impact
• Innovation
  − Incremental
  − Individually not impressive or not recent
  − Compare Internet
    • TCP/IP, HTTP, HTML, PC
• Impact
  − IT: New platforms, Service delivery models
  − Business: Capex, Opex, Agility
  − Economic: Entry barriers, Startup speed, Startup numbers
  − Political: Regulation, Compliance
Massive Scale-out and the Cloud
Enterprise class | Global class
On-premise | Hybrid/off-premise
100s-1000s of nodes | 10,000+ nodes
Proprietary | Commodity
HW resiliency | SW resiliency
Max performance | Max efficiency
Silo’ed Resources | Shared Resources
Cost-Center | Value/Revenue-Center
Clusters | Grids/Cloud
Static | Elastic
Shared storage | Replicated storage
Facility costs | Power Usage Efficiency
2938: The Value of Cloud in the Business Technology Ecosystem
Market context
A service-centric perspective sheds light on all value chain constituents
[Figure labels: Business users; Cloud service provider; Hosted / outsourced service provider; IT organization (internal service provider); External services; In-house services; Cloud services; Business outcome; Massive scale-out infrastructure; Global-class software; Enterprise-class software; Dedicated and shared infrastructure]
Cloud Model
[Figure: layered cloud model. Layers: Infrastructure, Platform, Software. Spanning functions: Integration, Operation, Governance. Rows shown:]
• Application: CRM, UC, Email, ...
• Platform: Programming Language, Development Environment, APIs
• Virtualisation: Provisioning, Billing, Virtualisation
• Hardware: Computation, Storage, Memory
• Colocation: Real Estate, Cooling, Power, Bandwidth
Cloud Landscape
Why Cloud Computing?
• Cost reduction
  − Benefit from economies of scale and experience curve
  − Predictability of spend
  − Avoids cost of over-provisioning
  − Reduction in up-front investment
• Risk reduction
  − Offload risk of running the data-centre, data protection, and disaster recovery
  − Reduces risk of under-provisioning
• Focus on core competency
  − Reduce effort and administration related to IT
  − Automatic service evolution
• Flexibility
  − Roll-out new services, retire old
  − Scale up and down as needed; quickly
  − Faster time to market: Lower barriers to innovation
  − Access from any place, any device, any time
Security Benefits and Opportunities
• Cloud providers undergo rigorous audits
• Isolation of customer and employee data
• Disaster Recovery extensions
• Centralised monitoring
• Forensic readiness
• Password assurance testing
• Pre-hardened builds
• Security testing
• Obfuscation of physical infrastructure
Challenges
• Governance
• Compliance
• Data Privacy
• Service Availability
  − Vendor Lock-in
  − Latency
• Identity Management
• Lock-in
• Rogue Clouds
Governance
Compliance
• Sarbanes Oxley
• HIPAA
• FDA
• Basel II
• PCI
• FISMA
• GLBA
• OSHA
• ISO 27002
Data Privacy
Resilience
• Service Availability
• Integration risks
• Business Continuity
• Latency
• Fault Tolerance
Identity Management
• Authentication
• Authorisation
  − Access rights
• Federation
  − Interoperability
  − Standards
    • XACML, SAML
• Rapid provisioning
  − Immediate de-provisioning
• Identity theft
Cloud Computing: Models
[Figure labels: Enterprise; Employee; User; Business Apps/Service; Internal Cloud; The Internet; Cloud Provider #1; Cloud Provider #2; Data Storage Service; Office Apps; On Demand CPUs; Printing Service; CRM Service; Backup Service; ILM Service; Service 3; …]
Identity in the Cloud: Enterprise Case
[Figure: the enterprise and cloud-provider diagram from the previous slide, annotated repeatedly with: Identity & Credentials; Authentication, Authorization, Audit; User Account Provisioning/De-provisioning; PII Data & Confidential Information. Callout: IAM Capabilities and Services Can be Outsourced in The Cloud …]
Lock-in
• IaaS
  − Standard Hardware, Software
  − Low Risk
• PaaS
  − Programming Language
  − APIs
  − Data Extraction
• SaaS
  − Data Extraction
  − Functionality, User retraining
• Assess Vendor viability
Rogue Clouds
• Shadow IT may circumvent Central IT
• Suboptimal Resource allocation
• Disregard Compliance
• Compromise Information Security
Cloud Security Activity and Standards
• Cloud Security Alliance
• ENISA (European Network and Information Security Agency)
  − Cloud Risk Assessment
• Open Group
  − Jericho Forum
• SAS 70
• NIST Special Publication 853
• FIPS 199/200
An infrastructure utility underpins both dedicated and “as a service” applications
[Figure labels: Externally hosted; Internally hosted; Business outcomes; Technology-enabled services; Infrastructure as a service; Enterprise-class applications; Global-class cloud services; Cloud Infrastructure Utility; Enterprise Infrastructure Utility]
HP delivers on the Business Technology Ecosystem
A sampling of HP product and services
[Figure labels: Externally hosted; Business outcomes; Technology-enabled services; Infrastructure as a service; Enterprise-class applications; Global-class cloud services; Infrastructure Utility (homogeneous, centralized design); Infrastructure Utility (heterogeneous, distributed design)]
HP products and services shown: EDS Application Services; Performance / Quality Center; Security Center; Service Manager Catalog; Business Service Automation; Insight Orchestration; Business Service Management; Proliant / Integrity; ProCurve; Storage Works; Insight Dynamics - VSE; Proliant BL2x220c; StorageWorks ExDS9100; Portable Optimized Datacenter; Snapfish, BookPrep, MagCloud; Business Availability Center; Quality and Security Centers; Cloud Assure; Concierge Services; Project & Portfolio Management
HP delivers value across the business technology ecosystem
• We build it: Leading data center design company
• We power it: With leading servers, storage and networking
• We design it: Expertise in application architecture & frameworks
• We automate it: With virtualization and management software
• We secure it: Through HP Secure Advantage program
• We support it: With tens of thousands of IT professionals
• We govern it: HP wrote the books on service management
• We measure it: HP can measure the fiscal impact of services
• We deliver it: Through purchased, financed, outsourced, cloud
HP Secure Advantage: Making security a business enabler
The secure end-to-end business advantage
Products, Partners, Solutions
Business Outcomes: Protect resources, Protect data, Provide validation
Technology; People and process
Reduce Cost
• Virtualized
• Efficient
• Pre-packaged
• Scalable
HP provides low-cost/high-quality solution delivery combining expert knowledge and security products from the desktop to the data center using proven methodologies with global resources.
Reduce Complexity
• Standardized
• Integrated
• Consulting
• Managed
• In/Outsourced
Pre-integrated solutions with major security players, and the HP Secure Advantage portfolio, along with the flexibility to leverage services globally to consult, deploy or manage these solutions, reduces complexity for our customers.
Reduce Risk
HP uses its internal best practices, developed in HP Labs and HP Services to create and commercialize security solutions and services for customers across the world.
3296 HP Secure Advantage
HP Secure Advantage services portfolio
Enablement to Management services from Desktop to Datacenter.
Business outcomes: Protect resources, Protect data, Provide validation
• Infrastructure Security: Endpoint Security, Network Security, Data Center Security
• Governance, Risk & Compliance Management: Security Operations, Business Continuity & Recovery, Risk Management & Compliance
• Data Protection & Privacy Management: Data Security, Content Security, Application Security
• Identity & Access Management: Identity & Access Mgmt
HP Secure Advantage - Product Portfolio - 1
Categories | Domains | HP Secure Advantage Products
Infrastructure Security | Network Security | HP ProCurve Network Access Control; HP ProCurve Network Immunity Manager; HP ProCurve ONE network security solutions
Infrastructure Security | Endpoint Security | HP ProtectTools; HP Business Service Automation - Client Automation Center; HP Secure Document Advantage Family
Infrastructure Security | Data Center Security | HP Insight Dynamics - VSE; HP NetTop; HP-UX 11i (CC EAL4+, HIDS); HP Linux (CC EAL4+); HP OpenVMS; HP NonStop Safeguard; HP Neoview Security
Data Protection & Privacy Management | Data Security | HP Secure Key Manager; HP Atalla Key Block, NSP; HP ProtectTools Drive Encryption; HP Storage Media Encryption Fabric Switch; HP XP Disk Array Encryption; HP LTO-4 Tape Encryption; HP Data Protector; HP-UX EVFS; HP NonStop Volume Level Encryption; HP Medical Archive Solution
Data Protection & Privacy Management | Content Security | HP BladeSystem content security solutions
Data Protection & Privacy Management | Application Security | HP Application Security Center
HP Secure Advantage - Product Portfolio - 2
Categories | Domains | HP Secure Advantage Products
Governance Risk & Compliance Mgmt | Risk Management & Compliance | HP Compliance Log Warehouse; HP TRIM (e-Discovery); HP Integrated Archival Platform (ILM/archiving for Email, Database, File); HP Business Service Automation - Data Center Automation Center (Server Automation, Network Automation); HP Medical Archive Solution; HP Dragon; HP Application Security Center
Governance Risk & Compliance Mgmt | Security Operations | HP Business Service Automation - Data Center Automation Center (Server Automation, Network Automation, Live Network, Release Control) and Client Automation Center; HP IT Service Management (Asset Manager, Decision Center etc); HP UCMDB, DDM; HP Proliant Essentials Vulnerability & Patch Management Pack; HP Systems Insight Manager; HP Compliance Log Warehouse
Governance Risk & Compliance Mgmt | Business Continuity & Recovery | HP Business Service Management
Identity & Access Management | Identity & Access Management | HP ProCurve Identity Driven Manager; HP Icewall; HP-UX, Linux, NonStop etc
HP Secure Advantage Solutions
Comprehensive solutions consisting of HP hardware, software, services and expertise to mitigate risk
• HP Servers, Storage, Networking, PCs, Printers
• HP Software: HP Application Center, Business Service Automation, Change Management
• Services and Support: Assessment, Deployment, hosting, managed services
Better business outcomes
Leveraging 37 years’ experience of delivering secure transactions across the world for 1000s of customers
Practical advice
• Plan! Prepare!
• Assess risks
• Application audit/inventory
• Begin with non-sensitive data
• Consider disaster-recovery extensions
• Encrypt sensitive data
Summary
• “Cloud Computing” means different things to different people
  − That doesn’t stop us from implementing it
• Cloud Computing has many benefits
  − Some Enterprise advantages can also be covered through Private Clouds
• There are security challenges around Cloud Computing
  − But also some benefits
• Cloud Computing is still work-in-progress
  − Privacy, Service-levels, Interoperability
• It’s possible to get started in the Enterprise today
  − The most critical challenge is to make the existing environment future-proof
More information
• Presentation will be posted to:
  − http://www.slideshare.net/rhoton
• Additional Resources
  − http://www.hp.com/go/cloud
  − http://www.hp.com/go/security
• Any other questions?
  − http://www.linkedin.com/in/rhoton