Cloud Security & Standardization · Glen Koskela, CTO Nordic
Copyright 2011 FUJITSU · Glen Koskela, CTO Nordic
Cloud Security & Standardization
Markku Siltanen
Information Security Consultant
CISA, CGEIT, CRISC
Cloud computing
Characteristics of cloud
- High anonymity due to lack of contract statements
- High risk of third party’s attacks through the Internet
- Huge impact of one incident to multiple consumers
- High risks of harmful individuals using enormous resources
- Possibility that customers’ assets may be seized or investigated by law-enforcement agencies
- Difficulty of proving data being lawfully treated
Security defence in depth in the cloud
Cloud threats
- Abuse and malicious use of cloud
- Insecure interfaces and APIs
- Malicious insiders
- Shared technology issues
- Data loss or leakage
- Account or service hijacking
- Unknown risk profile
- Browsers and their very complicated environments
Typical cloud related security risks
- Attacks from outside against ICT resources in the cloud: Effects of cyber terrorism, malicious scans and DDoS can be considerable
- Attacks to the outside using cloud as a steppingstone: Cloud as a tool for mounting attacks on sites outside the cloud
- Attacks on cloud users from ICT resources within the cloud: EDoS attacks to cause monetary losses and information leaks caused by unauthorized data transfers
- Incidents internal to cloud service providers: Malicious actions by individuals or mistakes in operation
- Malicious use of cloud ICT resources: Making use of ICT resources in the cloud for engaging in some sort of criminal behavior
- Incidents in the cloud not related to attacks: Power outages, sw/hw faults, other unexpected incidents
Cloud security focus areas
- Confidentiality: Data residency; Access control
- Integrity: Ensuring data has not been tampered with; Compliance; Trust and reputation; Acceptable use policies; Certification; Auditing; E-Discovery; Mergers & acquisitions; Data protection
- Availability: Business continuity; Disaster recovery; DDoS etc.; Regime for patching, security updates etc.; Up-time commitments; System performance commitments
Shared responsibilities – management
Shared responsibilities – operation
Shared responsibilities – technology
Cloud standardization
- Traditional IT standards organizations and industrial alliances represented by DMTF, OGF and SNIA (and NIST)
- Traditional telecommunications and Internet standards organizations represented by ITU, ISO, IEEE and IETF
- Emerging standards organizations represented by CSA, OCC and CCIF
- Issue: wide ranges of related standardization
  - Network, storage, server, operations mgmt, authentication, security, etc.
- Fujitsu is engaged in DMTF/CMDBf, DMTF/CMWG, DMTF/CIM-RS, OASIS/SAF, OGF/OCCi, CSA, JTC1/SC38, etc.
  - DMTF board, OGF board, OASIS SAF WG chair, JTC1/SC38 (vice chair)
Fujitsu Cloud CERT
Centralized monitoring and vulnerability assessment
Fujitsu Cloud CERT monitors the IDS/IPS of each FGCP/S5 cloud and executes vulnerability scanning tests.
- Security monitoring for 24 hours x 7 days by operators
- Real-time alerting when an intrusion is detected
- Monthly statistical report of attacks against the service environment
- Providing the archived IDS log when a security incident occurs on the service
Security Countermeasures (FGCP)
SLA of 99.99% system availability and confidentiality & integrity for business needs
- Authentication & ID management: Authentication method using client certificates and PIN. Thoroughgoing identity management and confidential information management using LDAP.
- Access control: VLAN-based logical isolation. Access control based on roles.
- Audit trail management: Log management from the viewpoints of "Management", "Control", and "Security".
- Centralized management: Centralized control of customers’ environment & events using an integrated management console.
- Encryption & key management: Adopting client certificates published with a government-recommended algorithm. Managing the Certificate Revocation List (CRL).
- Design of availability: Availability based on redundant cabinet. Complete redundancy of parts, components, and networks.
- Physical security: Certified as the first data center to receive the AAA (top rating) grade from I.S.Rating Co., Ltd, a company specializing in rating information security.
Data masking technology (under dev’t)
Filters and obscures sensitive information exchanged among clouds, based on anonymization technology
Strong authentication as a Service (dev’t)
We plan to make it feasible to authenticate groups on the scale of 10 million people; rapid multimodal biometric identification