The session will provide a 360-degree view on how enterprises can compete effectively by opening up their previously closed networks to business partners, customers, and their own increasingly mobile workforce - while managing security and associated risks. Kirani will also share practical examples from Indian and global enterprises that have secured critical business interactions and operations successfully.
Text of Shekhar Kirani - Enterprise and Cloud Computing: Clouded Security?
1. Enterprise and Cloud Computing: Clouded Security?
Dr. Shekhar Kirani, Vice President and Country Manager, VeriSign India
10/08/09

2. Digital World: How it looks?
1.3B Global Internet Users
1.5T E-mails
177M Web sites
Sources: (1) Forrester Research 2008; (2) Goldman Sachs 2007 CSO Survey; (3) Synovate 2008 Consumer Survey

3. Why Such a Growth?
Enterprise Interactions Have Become Enterprise Internet Interactions
Enterprise Internet Interactions -> Enterprise Cloud Interactions
Efficiency & Convenience = $$$
Source: http://www.verisign.com/Resources/Naming_Services_Resources/Domain_Name_Industry_Brief/index.html

4. What is Cloud Computing?
Cloud Computing Is NOT: Grid Computing
Grid Computing: Distributed computing that uses a cluster of networked computers, acting in concert to perform a task

5. Defining Cloud Computing
Cloud Computing Is NOT: Grid Computing, Utility Computing
Utility Computing: Virtualized computing resources, such as computation and storage, offered as a metered service
Sun Grid Service, Elastic Compute Cloud

6. Defining Cloud Computing
Cloud Computing Is NOT: Grid Computing, Utility Computing, SaaS
SaaS (Software-As-A-Service): Delivery method of applications over the web using utility computing and multi-tenant architecture

7. Defining Cloud Computing
Cloud Computing Is NOT: Grid Computing, Utility Computing, SaaS
Then what is it?

8. Defining Cloud Computing
Cloud Computing IS: Grid Computing + Utility Computing + SaaS
+ Storage Infrastructure, Identity Infrastructure, Security Infrastructure, Application Integration and Mash-ups, Business Intelligence, Business Process Management

9. Definition of Cloud Computing
So, Cloud Computing is an emerging technology that utilizes concepts of grid and utility computing to provide application services over the Internet, along with all associated functions available with regular in-premise implementations, and may work in conjunction with in-premise resources.

10. Typical Enterprise Setup for Cloud Services
[Diagram: Enterprise connected to CLOUD 1, CLOUD 2, CLOUD 3]
Different URLs with login-name/password combination.
Account Provisioning is batch-mode.
Single Sign-on is not yet present.

11. Cloud Security Basics
End-to-end security is key for SaaS/PaaS/IaaS Vendors
Stronger SLA and security than enterprise security.
Every resource is access controlled, logged, protected, and managed. Principle of Least Privilege.
Weakest link in the security chain is always exploited
Physical, network, transaction, customer, employee, consultant, etc.
Least protected to more protected
Social engineering will remain key attack method
Security by Design: Before v/s After Thought
Cost and Usability
Level of Security
Likelihood of exploit
Opportunity to exploit
Deterrence, Prevention, Identification, and Action

12. The Identity Problem of Cloud Computing
30% of Enterprises and SMBs view security as a top concern in SaaS (1)
72% believe Identity and Access Management is the key security issue (2)
78% of consumers want more control over securing their identity (3)
Sources: (1) Forrester Research 2008; (2) Goldman Sachs 2007 CSO Survey; (3) Synovate 2008 Consumer Survey

13. Weak Link 1: Phishing in SaaS
[Diagram: Enterprise, CLOUD 1, Rogue App]

14. Solution: Secure (EV Certs) or Green Bar Certs

15. Example: Green Browser Bar
Phishing Site: Bar turned Red!

16. Weak Link 2: Identity Theft
[Diagram: Enterprise, CLOUD 1, Rogue Emp]

17. Weak Link 2: Identity Theft
[Diagram: Enterprise, CLOUD 1, Rogue Emp]

18. Solution 2: Identity Theft
[Diagram: Enterprise, CLOUD 1, Rogue Emp]

19. Solution: 2nd Factor (or 2nd Password)
Offer a 2nd Factor solution in addition to login name/password
What you know and What you have
Offer 2nd Factor across all types of devices (tokens, mobile, cards, etc).
Identity theft requires a physical device to be stolen -> makes it hard!

20. Solution: 2nd Factor (2nd Password) for Online Access

21. Weak Link 3: Application/Data Security
[Diagram: Enterprise, Rogue Emp]

22. Solution: Strong Enterprise Encryption Solutions
Email Applications + Digital Certs = Encrypted Communication
Endpoint Security + Digital Certs = Protected Assets and Data
Data Storage + Digital Certs = Secured Data at Rest

23. Weak Link 4: Insider Theft
[Diagram: Enterprise, Sys Adm 1, Sys Adm 2, Rogue Adm; labels: No Digital Cer., Digital Certificate.]

24. Solution: Strong Authentication
Web Applications + Digital Certs & OTP Token = Strong Web Authentication
Remote Access + Digital Certs & OTP Token = Secure Remote Access
Desktop Logon + Digital Certs & OTP Token = Multi-Factor Desktop Logon
Networking + Digital Certs & OTP Token = Secure Network Access

25. Weak Link 5: DDoS Attack on Service
[Diagram: Enterprise, Bot 1, Bot 2, Bot 3]

26. Weak Link 5: DDoS Attack on Service
[Diagram: Enterprise, Bot 1, Bot 2, Bot 3]

27. Infrastructure: Evolving and Sophisticated DDoS Attacks
[Chart: Attack Bandwidth vs (Normal) Bandwidth, in Gbps (0 to 70), 2000 to 2006. Labelled points: AOL, Microsoft, Routing Loop, Root Server Attacks, .COM Attacks, Sobig Worm, DNS Reflector, DNS, VoIP/Cell Phone Worm?, Normal DNS Traffic; ratio labels 3x, 30x, 40x, 50x, 100x, 150x. Second panel: DDoS Packet Filtering During Attack, Attack Bandwidth and (Normal) Bandwidth.]
New threats due to increased nodes and adoption of IP-based mobile devices

28. Summary
Cloud Services need to offer stronger SLA and Security than Enterprises can do on their own.
Cloud Services need to demonstrate back-to-back SLA/Security throughout the SaaS/PaaS/IaaS chain.
Cloud Services need to demonstrate how they plan to do Deterrence, Prevention, Identification, and Action against attacks.
Enterprise will move to Cloud if Security/Privacy Issues are addressed.

29. Thank you!