Description: Trusted Cloud Initiative Work Group Session. Architecture Focus Areas. High Level Use Cases. Principles. Define protections that enable trust in the cloud. Develop cross-platform capabilities and patterns for proprietary and open-source providers. (PowerPoint presentation, 12 slides)

Page 1: Trusted Cloud Initiative Work Group Session

www.cloudsecurityalliance.org  Copyright © 2011 Cloud Security Alliance

Page 2: Trusted Cloud Initiative Work Group Session


Architecture Focus Areas

Page 3: Trusted Cloud Initiative Work Group Session


High Level Use Cases

Use Case: End User to Cloud
Description: Applications running on the cloud and accessed by end users

Use Case: Enterprise to Cloud to End User
Description: Applications running in the public cloud and accessed by employees and customers

Use Case: Enterprise to Cloud
Description: Cloud applications integrated with internal capabilities

Page 4: Trusted Cloud Initiative Work Group Session


Principles

Define protections that enable trust in the cloud.

Develop cross-platform capabilities and patterns for proprietary and open-source providers.

The architecture will facilitate trusted and efficient access, administration and resiliency for the customer/consumer.

Provide direction to secure information that is protected by regulations.

The Architecture must facilitate proper and efficient governance, identification, authentication, authorization, administration and auditability.

Centralize security policy, maintenance operation and oversight functions.

Access to information must be secure yet still easy to obtain.

Delegate or Federate access control where appropriate.

Must be easy to adopt and consume, supporting the design of security patterns.

The Architecture must be elastic, flexible and resilient supporting multi-tenant, multi-landlord platforms

The Architecture must address and support multiple levels of protection, including network, operating system, and application security needs.

Page 5: Trusted Cloud Initiative Work Group Session


Goals

Use the breadth of the Cloud Security Alliance
• Adjacent initiatives will be a focus for the TCI mandate
• Built upon “pillars” from the Cloud Security Alliance
• Provide an end-to-end security specification for cloud security

Use the depth of the Cloud Security Alliance membership
• Members have credibility from the top of the application to the “bare metal”
• GRC and interoperability

Enable a vendor neutral reference architecture specification
• All vendor products that enable an end-to-end security platform will be used

Provide an exemplary reference set of implementations
• Global examples so that any country can implement the architecture to their requirements
• Show examples of standards and how they can be implemented across products

Open source initiative
• Where the TCI supports implementation under its direction, the implementation is open source

Note: The TCI Reference Architecture is not the same as the Cloud Computing Architectural Framework (Domain 1 of the Security Guidance for Critical Areas of Focus in Cloud Computing V2.1)

Page 6: Trusted Cloud Initiative Work Group Session


Holistic Approach to Controls...

Security Framework (ISO-27002)

IT Audit Framework (COBIT)

Legislative Framework (PCI, SOX, Etc.)

S-P-I Framework

CSA Controls Matrix

Page 7: Trusted Cloud Initiative Work Group Session


… And Architecture Best Practices

Business Architecture (SABSA)

Service Management Architecture (ITIL)

Security Architecture (Jericho)

IT Reference Architecture (TOGAF)

CSA Controls Matrix

Page 8: Trusted Cloud Initiative Work Group Session


Reference Model Structure

Business Operation Support Services (SABSA)

Information Technology Operation & Support (ITIL)

Presentation Services, Application Services, Information Services, Infrastructure Services (TOGAF)

Security and Risk Management (Jericho)

Page 9: Trusted Cloud Initiative Work Group Session


Reference Architecture Version 2.0 (pending changes)

Chief Architect: Jairo Orea
Lead Architects: Marlin Pholman, Yaron Levi, Dan Logan
Team: David Sherr, Richard Austin, Vern Williams, Anish Mohammed, Harel Hadass, Phil Cox, Yale Li, Price Oden, Tuhin Kumar, Rajiv Mishra, Ravila White, Scott Matsumoto, Rob Wilson, Charlton Barreto, Ryan Bagnulo, Subra Kumaraswamy
Date: 07/20/2011
Revision: 12th Review

This slide is the reference architecture poster. It repeats the Guiding Principles of slide 4 and the High Level Use Cases of slide 3, and names the framework each domain is derived from (SABSA, ITIL v3, Jericho, TOGAF). Its cell labels, grouped by domain and container:

Business Operation Support Services (BOSS) (SABSA)
• Compliance: Intellectual Property Protection; Independent Audits (Third-Party Audits, Internal Audits); Audit Planning; Contact/Authority Maintenance; Information System Regulatory Mapping
• Data Governance: Data Ownership / Stewardship; Data Classification; Handling / Labeling / Security Policy; Secure Disposal of Data; Non-Production Data; Rules for Information Leakage Prevention (Information Leakage Metadata); Clear Desk Policy; Rules for Data Retention
• Operational Risk Management: Risk Management Framework; Key Risk Indicators; Business Impact Analysis; Operational Risk Committee; Independent Risk Management; Risk Assessments (Business Assessment, Technical Assessment)
• Human Resources Security: Background Screening; Employment Agreements; Employee Termination; Job Descriptions; Roles and Responsibilities; Employee Code of Conduct; Employee Awareness; Contractors
• Security Monitoring Services: SIEM Platform; Event Mining; Database Monitoring; Application Monitoring; End-Point Monitoring; Event Correlation; SOC Portal; Market Threat Intelligence; Counter Threat Management; Cloud Monitoring; HoneyPot; E-Mail Journaling; Managed Security Services; Knowledge Base; Branding Protection; Anti-Phishing; Real-time internetwork defense (SCAP); Cross Cloud Security Incident Response; User Behavior & Profile Patterns
• Legal Services: Contracts; E-Discovery; Incident Response Legal Preparation
• Internal Investigations: Forensic Analysis; e-Mail Journaling

Information Technology Operation & Support (ITOS) (ITIL v3)
• IT Operation: Resource Management; Segregation of Duties; IT Governance; Architecture Governance; Standards and Guidelines; Project Management; Program Management; PMO; Portfolio Management; Maturity Model; Roadmap; Strategy Alignment
• Service Delivery: Service Level Management (Objectives, Internal SLAs, External SLAs, OLAs, Vendor Management, Service Dashboard); Availability Management (Resiliency Analysis, Capacity Planning, Information Technology Resiliency); Service Costing (Operational Budgeting, Investment Budgeting, Charge Back); Business Continuity (Recovery Plans, DRP Plan Management, Test Management, Crisis Management)
• Service Support: Incident Management (Security Incident Response, Automated Ticketing, Self-Service Ticketing, Event Classification, Orphan Incident Management); Problem Management (Root Cause Analysis, Trend Analysis, Problem Resolution); Change Management (Emergency Changes, Planned Changes, Project Changes, Operational Changes, Scheduling, Service Provisioning, Approval Workflow, Change Review Board); Release Management (Source Code Management, Testing, Build, Version Control); Configuration Management (Software Management, Physical Inventory, Automated Asset Discovery, Asset Management, Capacity Planning, Configuration Rules (Metadata)); Knowledge Management

Presentation Services (TOGAF)
• Presentation Modality: Mobile Devices; Desktops; Fixed Devices; Portable Devices; Smart Appliances; Medical Devices; Handwriting (ICR); Speech Recognition (IVR); Company owned; Third-Party; Public Kiosk
• Presentation Platform: Consumer Service Platform (Social Media, Collaboration, Search, E-Mail, P2P, e-Readers); Enterprise Service Platform (B2B, B2C, B2E, B2M)

Application Services (TOGAF)
• Development Process: Software Quality Assurance; Code Review; Stress and Volume Testing; Code Samples; Security Application Framework - ACEGI; Secure Build
• Security Knowledge Lifecycle: Security Design Patterns; Attack Patterns; Security Job Aids; Security FAQ
• Programming Interfaces: Input Validation; Service Discovery; OTB AutN; Out of the Box (OTB) AutZ
• Connectivity & Delivery; Abstraction; Integration Middleware; Application Performance Monitoring; Self-Service Security

Information Services (TOGAF) (cells are laid out as Domain / Container / Process or Solution Data)
• User Directory Services: Active Directory Services; LDAP Repositories; X.500 Repositories; DBMS Repositories; Registry Services; Location Services; Federated Services; Virtual Directory Services; Meta Directory Services
• Security Monitoring: Session Events; Authorization Events; Authentication Events; Application Events; Network Events; Computer Events; Database Events; HIPS; NIPS Events; DLP Events; Privilege Usage Events; eDiscovery Events; DPI; ACLs; CRLs; Identity Verification; Compliance Monitoring
• Risk Management: GRC; RA; BIA; DR & BC Plans; VRA; TVM; Risk Assessments; Audit Findings; Data Classification; Process Ownership
• ITOS: PMO Strategy; Problem Management; Incident Management; CMDB; Knowledge Management; Service Management; Change Management; Roadmap
• BOSS: HR Data (Employees & Contractors); Business Strategy
• Service Delivery: Service Catalog; SLAs; OLAs; Contracts; Service Events
• Reporting Services: Dashboard; Reporting Tools; Data Mining; Business Intelligence
• Configuration Management Database (CMDB); Knowledge Repository; Change Logs; Transformation Services; Data Segregation; Data Discovery

Infrastructure Services (TOGAF)
• Facility Security: Asset Handling; Controlled Physical Access; Barriers; Electronic Surveillance; Physical Authentication; Security Patrols; Physical Security; Equipment Location; Power Redundancy; Equipment Maintenance; Environmental Risk Management
• Internal Infrastructure: Servers; End-Points; Data; Software; Hardware; Network Services; Storage Services; Availability Services; Network Segmentation; Authoritative Time Source
• Virtual Infrastructure: Network Virtualization (External (VLAN), Internal (VNIC)); Application Virtualization (Server Application Streaming, Client Application Streaming); Desktop “Client” Virtualization (Local, Remote, Session-Based, VM-Based (VDI)); Server Virtualization (Virtual Machines (Hosted Based), Hardware-Assisted, Paravirtualization, Full); Storage Virtualization <<insert Jairo’s content> (Block-Based Virtualization: Host-Based, Storage Device-Based, Network-Based; LVM, LUN, LDM, Appliance, Switched; File-Based Virtualization; Database Virtualization); Network Address Space Virtualization (IPv4, IPv6); OS Virtualization; TPM Virtualization; Virtual Memory; Mobile Device Virtualization; Smartcard Virtualization; Virtual Workspaces; Hypervisor Governance and Compliance; Vertical Isolation; Secure Sandbox
• SaaS, PaaS, IaaS

Security and Risk Management (SRM) (Jericho)
• Governance Risk & Compliance: Compliance Management; Vendor Management; Audit Management; IT Risk Management; Policy Management; Technical Awareness and Training; Exceptions; Self Assessment; Obligation; Remediation
• InfoSec Management: Capability Mapping; Risk Portfolio Management; Risk Dashboard; Residual Risk Management; Best practices; Trend Analysis; Benchmarking
• Policies and Standards: Information Security Policies; Operational Security Baselines; Technical Security Standards; Job Aid Guidelines; Role Based Awareness; Data/Asset Classification; Best Practices & Regulatory correlation
• Privilege Management Infrastructure: Identity Management (Domain Unique Identifier, Federated IDM, Identity Provisioning, Attribute Provisioning); Authentication Services (SAML Token, Risk Based Auth, OTP, Smart Card, Multifactor, Password Management, Network Authentication, Biometrics, Single Sign On, Middleware Authentication, WS-Security); Authorization Services (Policy Enforcement, Policy Definition, Policy Management, Principal Data Management, Resource Data Management, XACML, Entitlement Review, Role Management); Privilege Usage Management (Keystroke/Session Logging, Privilege Usage Gateway, Password Vaulting, Resource Protection)
• Threat and Vulnerability Management: Vulnerability Management (Servers, Network, Application, Infrastructure, DB); Application Vulnerability Scanning; Penetration Testing (Internal, External); Threat Management (Source Code Scanning, Risk Taxonomy); Patch Management; Compliance Testing (Databases)
• Infrastructure Protection Services: Server (Anti-Virus, HIPS/HIDS, Host Firewall, White Listing, Behavioral Malware Prevention); End-Point (Anti-Virus, Anti-Spam, Anti-Malware, HIPS/HIDS, Host Firewall, Media Lockdown, Hardware Based Trusted Assets, Forensic Tools, Inventory Control, Content Filtering, White Listing, Behavioral Malware Prevention, Sensitive File Protection, Mobile Device Management); Application (XML Appliance, Application Firewall, Secure Messaging, Secure Collaboration, Real Time Filtering, Behavioral Malware Prevention); Network (Firewall, Content Filtering, NIPS/NIDS, Link Layer Network Security, Wireless Protection, Black Listing Filtering)
• Data Protection: Data Loss Prevention (Network (Data in Transit), End-Point (Data in Use), Server (Data at Rest)); Intellectual Property Protection (Intellectual Property, Digital Rights Management); Data lifecycle management (Data De-Identification, Life cycle management, Data Seeding, Data Tagging, Meta Data Control, e-Mail Journaling, Data Obscuring, Data Masking, eSignature (Unstructured data))
• Cryptographic Services: Key Management (Symmetric Keys, Asymmetric Keys); PKI; Signature Services; Data-in-Transit Encryption (Transitory, Fixed); Data-at-Rest Encryption (DB, File, SAN, Desktop, Mobile); Data-in-use Encryption (Memory)

Other cells on the poster whose container is not legible in the flattened slide text: Image Management; Planning; Testing; Compliance Monitoring; Service Discovery

Page 10: Trusted Cloud Initiative Work Group Session


Mapping from CCM to TCI

Page 11: Trusted Cloud Initiative Work Group Session


How to Use the Architecture

Domains: BOSS, ITOS, SRM, Presentation, Application, Information, Infrastructure

Assess the opportunity

Reference Architecture
CSA Controls Matrix
CSA Consensus Assessment

• Control Mapping
• Operational Checklists

Security Framework and Patterns

Page 12: Trusted Cloud Initiative Work Group Session


Interactive Website