Hybrid Cloud is the New Normal: 4 Key Security Steps you Need to Get it Right

© 2014 IBM Corporation

IBM Security

1© 2014 IBM Corporation

Hybrid Cloud is the New Normal:

4 Key Security Steps you Need to Get it Right


IBM Security

2

Agenda

Cloud Computing: Many Choices; New Security Challenges

3 Cloud Security Requirements

–Govern Cloud Usage and Manage Access

–Protect Cloud Workloads and Data

–View Cloud Security Events and Detect Threats

4 Keys to Cloud Security

–Manage Access

–Protect Data

–Gain Visibility

–Optimize Security Operations (Cloud and Traditional)


IBM Security

3

Cloud is rapidly transforming the enterprise

External StakeholdersTraditional Enterprise IT

Public CloudPrivate Cloud

PaaSDevelopment

services

SaaSBusiness

applications

IaaSInfrastructure

services

100+ IBM Offerings

HR,CRM, SCM

Data archive

App development

100+ IBM Offerings

Online website


IBM Security

4

Cloud is an opportunity to radically transform security practices

Cloud-enhanced SecurityStandardized, automated,

customizable, and elastic

Traditional SecurityManual, static,

and reactive

Cloud security is an opportunity

to improve defenses and reduce risk


IBM Security

5

Cloud Security Requirements

Detect threats with visibility across clouds

Govern theusage of cloud

Protect workloads and data in the cloud

How can I understand who is accessing the cloud

from anywhere, at anytime?

How can I fix vulnerabilities and defend against attacks before they’re exploited?

How can I obtain a comprehensive view of cloud and traditional environments?

“I can take advantage of centralized cloud logging and auditing

interfaces to hunt for attacks.”

“Going to the cloud gives me a single

choke point for all user access ‒ it provides much more control.”

“Cloud gives me security APIs and

preconfigured policies to help protect my data

and workloads”

6 © 2014 IBM Corporation

4 Keys to Cloud Security


IBM Security

7

Cloud Security Domains

SaaSPaaSIaaS

Cloud Security

Optimize Security Operations

ManageAccess

ProtectData

GainVisibility


IBM Security

8

Manage Access


IBM Security

9

IAM Use Cases

Key Concept: Build an Integrated Identity and Access System for Traditional and Cloud Destinations

• Outsource IAM infrastructure to cloud, hosted service

• Extend on premise IAM to cloud, hosted service

• Enable LOB users to SSO and govern SaaS access

from the cloud

• Integrate authentication and SSO into new apps

using identity as API

• Manage cloud administration and workload access

SaaS

PaaS

IaaS

Cloud-Hosted

IAM

IDaaSOn Premise

IAM

Manage Access


IBM Security

10

Protect Data


IBM Security

11

Key Concept: Understand and Control Cloud Data Flows

Assess application and data store vulnerabilities

Monitor data activity to, from and on the cloud

Encrypt data at rest in IaaS and PaaS systems

Mask and/or redact responses from cloud applications

Tokenize data sent to cloud applications, especially SaaS

Protect Data


IBM Security

12

Gain Visibility


IBM Security

13

Key Concept: Get Security Intelligence Across the Hybrid Cloud

Gain Visibility

SaaS Applications

Infrastructure-as-a-ServicePrivate Virtualized Datacenter

Solution Benefits

• Improved security and visibility into virtual Infrastructures

• Better visibility into logs coming from their sensors across the environment

• Support ad hoc search across large data

Cloud Security Intelligence


IBM Security

14

EventProcessor

FlowProcessor Workload on

premise

Console

QRadar and the Cloud – SaaS and Cloud Infrastructure Collection

DS

M

Gain Visibility


IBM Security

15

or

EventProcessor

FlowProcessor Workload on

premise

Console

QRadar in the Cloud – Following the workload

EventCollector

VP

N

Gain Visibility


IBM Security

16

QRadar in the Cloud – Monitoring On Premises & IaaS/PaaS

EventCollector

FlowCollector

EventCollector Event

Collector

EventProcessor

FlowProcessor

Console

or

QVM Scanner

VP

N

Gain Visibility


IBM Security

17



IBM Security

18

Key Concept: Use the Cloud to Optimize Cloud Security

Deploy security services on the cloud when

–Significant amount of IT and LOB systems moved to the cloud

–Fastest way to implement security and get high availability

–Cost efficient way to expand geographical footprint

Select cloud hosted security services to

–Reduce capital outlay

–Eliminate systems management issues

Select managed security services to

–Augment or replace in-house security expertise

–Combat advanced threats

– Increase overall security maturity



IBM Security

19

www.ibm.com/security

© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes

only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use

of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties

or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use

of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in

which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion

based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM,

the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other

countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and

response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed,

misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product

should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use

or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily

involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT

THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE

MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY

http://www.ibm.com/security

Hybrid Cloud is the New Normal: 4 Key Security Steps you Need to Get it Right

Documents

Transcript of Hybrid Cloud is the New Normal: 4 Key Security Steps you Need to Get it Right