Security POC June 12, 2012
Matt Lowth
Principal Security Architect
Jeffrey Deacon
Chief Cloud Strategist
Albert Caballero
Chief Technology Officer
NAB and the ODCA
About Us
National Australia Bank Group (the Group) is a financial services organisation with over 12,000,000 customers and 50,000 people, operating more than 1,750 stores and Service Centres globally.
Currently developing our Internal Private Cloud Capability.
NAB and the ODCA
Part of the ODCA as a Steering Committee Member since 2010.
Chair of Security Workgroup and helped develop Security Usage Models.
Challenges and Role of Usage Models
Challenges
• Common understanding of security standards is a big hurdle to enterprise cloud adoption
• Very difficult to determine “what is secure”
Usage Models
• Usage models developed to overcome these issues
• Provider assurance
• Security monitoring
• Bronze/Silver/Gold/Platinum
ODCA Proof of Concept Process
PM = Project Management, SP = Solution Provider, SW = Software, WG = Work Group
REAL WORLD SOLUTIONS built on industry driven guidelines
• SP checklist submitted
• Members select SP
• Initiate kick-off meeting
• WG, steering comm. notified
• Generate/Agree on statement of work
• Determine PM method
• Generate test plan
• WG approval of test plan
• Acquire equipment, SW, and licensing
• Configure Test bed
• Execute test plan/document
• Reports
• WG feedback
• Demos
• Other
Pre-engagement Match Making
Project Planning
Project Execution
Project Closure
ODCA Security POC Usage Model
Security Provider Assurance
• 26 security requirements
• 8 test cases
Security Monitoring
• Requires proof of achieving requirements
• 2 success scenarios
Enterprise Cloud Services
Terremark Vision for Enterprise Cloud
Core Capabilities: Purpose-Built Data Centers Secure and Isolate Customer Data Automated and Efficient Programmable with Application Services
Attributes: Global Extensible Hybrid Capability Service Levels Simplicity of Use Predictability and Control
Investment: Expansion Expertise and People New Solutions and Markets
Globally Delivered from World-Class Facilities
Every virtual farm contains:
• Virtual Firewall
• Virtual Load Balancer
Carves out secure access to resources and creates customer VLAN
Directly provisioned from the portal
Two-tiered networking space:
• Trusted network accessible only to other CaaS servers
• DMZ network can be configured for Public IP-facing applications
Virtual Farm is key part of security story
Virtual Farm with Intelligent Networking
The Building Block of Your Environment
The virtual farm creates the individual customer network construct and delivers a secure and resilient configuration to access and protect customer data.
[Diagram labels: Virtual Farm N, Virtual Load Balancer, Virtual Firewall, DMZ Network (Public IP-Facing), Trusted Network, Storage, Server Resources]
ODCA Gold Provider Assurance Terremark Verizon Managed Cloud Cloud Subscriber Security Infrastructure
[Network diagram labels: Internet, Remote Sites, Remote Connections, CP Firewall 01, CP Firewall 02, ODCA Gold Firewall 01, ODCA Gold Firewall 02, CP Load Balancer, DMZ, Internal Network]
Name: CP Bastion 02 Server OS: RH Linux Role: Remote Access
Name: CP Bastion 01 Server OS: Windows 2003 Role: Remote Access
SecApp02 Server OS: Windows 2003 Role: ODCA Gold Demos
SecApp01 Server OS: Windows 2008 Role: Security Management
WebApp02 Server OS: RH Linux Role: Application Server
WebApp01 Server OS: RH Linux Role: Application Server
SecMgmt01 Server OS: Windows 2003 Role: Directory Services
SecScanner01 Server OS: Windows 2003 Role: Vulnerability Scanner
SecSIEM01 Server OS: Windows 2008 Role: Log Management
SecPol01 Server OS: Windows 2008 Role: Policy Management
SecDB01 Server OS: Linux Red Hat 5.6 Role: Database Server
Testing Methodology
1. Assess Provider Assurance Requirements
2. Identify Security Technologies and Provider Policies Needed to Support the Solution
3. Implement ODCA Solution:
• Trapezoid Interoperability Lab
• Terremark Managed VMware Cloud
• Applied Innovations HyperV Cloud
4. Security Monitoring
ODCA Gold Assurance: Challenges
Proof of Concept Steps
1. Multiple service providers
2. 8 test cases covering provider assurance requirements
3. Subscriber validation of requirements
4. Also designing a portal that provides a web interface to tools that have multiple views and reports for Platinum ODCA
Providers don’t perform many of the security requirements yet
Surfacing data from tools that aren’t truly multi-tenant
All security requirements need to be in place prior to the security monitoring reports
ODCA Gold Assurance: Results
Currently no service providers are meeting all of the requirements
Service Providers must work more closely with cloud subscriber
Third party security providers can help facilitate the process by adding layers of security required by each assurance level
Impact of PoC
Elements of usage model well defined, however some controls difficult to assess and/or implement
Usage model developed with best intention
Further refinement of the usage model to come, to allow broader adoption of these tiered offerings, including distinction between managed/unmanaged service
Purpose of the PoC was to determine whether the standards we’d created were implementable
RFP / Adoption
Additional refresh of usage model to take into account results of the PoC
RFP requirements also refined as part of this process
Your Opportunity:
Learn from this POC to form your organizational strategy.
Demand secure and standard solutions based on ODCA requirements
Thank You
Resources
PRIORITIZE
Learn the latest about ODCA requirements at www.opendatacenteralliance.org
Use ODCA PEAT Tool for Upcoming RFPs
Explore the Latest Solutions at ODCA's Cloud Expo Showcase Booth #411
Actively Participate in Today's Sessions
Scale your Knowledge with ODCA MEET
DELIVER
SHARE #Forecast12