Published on March 6, 2014
“I don’t need a hard disk in my computer if I can get to the server faster… carrying around these non-connected computers is byzantine by comparison.” – Steve Jobs

CLOUD SECURITY IN EGOV
Anubhav Tyagi, Sr. Solutions Architect (India & SAARC)
Anubhav.Tyagi@safenet-inc.com
Governance to eGovernance
> Analytics: from missing information and delays in getting the information TO real-time analytics
> Efficiency: from manual work processes, with lost bandwidth in finding the files as well as the status of a particular work item, TO a central system that allows tracking of the work status of a particular item without having to ask anyone
> Visibility: from scattered information on physical files TO a consolidated dashboard that can be accessed from anywhere
Traditional vs. Virtual/Cloud
(Diagram: traditional architecture versus virtual architecture, where software represents the hardware)
BENEFITS
• Almost zero upfront infrastructure investment
• Just-in-time infrastructure
• More efficient resource utilization
• Usage-based costing
• Reduced time to market
• … & more
Data Security Gaps Remain
How secure is my data in a virtualized world?
(Diagram: App/OS stacks running on a hypervisor over the hardware layer, with storage, snapshots and backup)
• VMs are easy to copy (and steal).
• VMs are easy to move.
• VMs introduce a new class of privileged users and administrators - server, storage, backup, and application - all operating independently.
• VMs have multiple snapshots and backups of data.
© SafeNet Confidential and Proprietary
Cloud Security – The Issues!
Technology Concerns
• Data Location
• Data Segregation
• Identity/Federation
• Hypervisor Vulnerabilities
• Distributed Storage
• Privileged User Access
Control Concerns
• Compliance issues
• Legal
• Audits
• Visibility
• Change Control
• SLA
Security Tops List of Cloud Challenges
• Security: 88.5%
• Performance: 88.1%
• Availability: 84.8%
• Hard to integrate with in-house IT: 84.5%
• Not enough ability to customize: 83.3%
• Worried cloud will cost more: 81.1%
• Bringing back in-house may be difficult: 80.3%
• Not enough major suppliers yet: 74.6%
Source: Frank Gens & IDC Enterprise Panel
Challenges in Virtualized & Cloud Environments
Data Governance (Lack of Visibility)
• Do I know where all my data instances are?
• Can I trace every legitimate replication/copy/instantiation event of my data?
• Can I trace unauthorized copying of my data?
Data Compliance (Lack of Data Control)
• Who is accessing my data?
• Can I enforce an effective access control policy?
• Can I present a trusted audit trail of all access events to my data?
Data Protection (Risk of Breach and Data Loss)
• Are all my data instances secure?
• Can I assure only authorized access to my data?
• Can I “pull the plug” on data that’s at risk of exposure?
When you’re moving to the cloud:
• How do you maintain ownership and control of your data in a multi-tenant environment?
• How do you extend data governance and compliance to internal and external mandates?
Protection needs to be centered on the data itself: Data-centric Protection
Security Strategy Objectives
• Data Confidentiality
• Integrity
• Non-Repudiation
• Authenticity
Emergence of Encryption as a Unifying Cloud Security Control
• Encryption is a fundamental technology for realizing cloud security
• Isolates data in multi-tenant environments
• Recognized universally by analysts and experts as the underlying control for cloud data
• Sets a high-water mark for demonstrating regulatory compliance for data
Encryption Already Prescribed or Implied
Externally Mandated
• Governmental, regional, industry mandates
• Defines penalties and best practices
Internally Mandated
• Core intellectual property
• Insider abuse concerns
• Crusader abuse (WikiLeaks)
IT Act of India, Section 43A
“Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.”
So What?
• Financial penalties to the organization
• Loss of reputation
Encryption enables
Governance / Compliance
• Know about every access event
• Location agnostic
• Non-repudiation and attestation
Ownership and Control
• Set effective access policies
• Separation of duties
• Data shredding
Data Security
• Prevent leaks or unauthorized access
• Data isolation
• Sprawl resistant
Cloud Security Goals and Solutions
1. Controlling access to infrastructure and applications; federating identities → Secure Access Control
2. Achieving compliant isolation and separation of duties in multi-tenant environments → Secure Virtual Machines
3. Maintaining trust & control in virtual storage volumes → Secure Virtual Storage
4. Securing virtualized and cloud applications without impacting performance → Secure Applications
5. Maintaining ownership of keys; securing PKI-based identities; auditing transactions → Secure Identities and Transactions
6. Securing communications without impacting performance; connecting securely to clouds → Secure Communications
SOLUTION: Secure Access to SaaS: Multi-Factor Authentication
Protect access to cloud-based applications via centrally managed authentication.
(Diagram: the user authenticates with an enterprise identity against the Authentication Manager, which provides federated SSO to cloud applications such as Salesforce.com and Google Apps)
Security Features
• Single authentication solution for both on-premise and cloud-based applications
• Solution should be form-factor agnostic: support for hardware OTP tokens, software tokens, out-of-band, etc.
• User authenticates using the enterprise identity
Virtual Instance Encryption
A protected, monitored container for your “stuff”
Unlimited Copying of Instances
• Instances could be copied without awareness
• Instances used by competitors and malicious users
• Enables unlimited brute-force attacking
Reduced Risk
• Data isolation through encryption
• Pre-boot authentication enables control
• Creates an audit trail in “the sky”: who, when, where, how, etc.
• Solves the rogue instance problem
SOLUTION: Secure Cloud-Based Communications: High Speed Encryptors
Transfer encrypted data communications at high speed from the enterprise to the cloud.
(Diagram: on-premise site connected to the private cloud over a high-speed encrypted link)
Security Features
• Multi-gigabit L2 low-latency encryption
• Should be best-in-class, FIPS 140-2 Level 3 security certified
• Central policy management and seamless integration
• Data redundancy
• Real-time data transmission
• Continuous, encrypted data transmission
Core objectives of Cloud Computing (Amazon CTO Werner Vogels)
Core objectives and principles that cloud computing must meet to be successful:
• Security
• Scalability
• Availability
• Performance
• Cost-effective: acquire resources on demand; release resources when no longer needed; pay for what you use; leverage others’ core competencies; turn fixed cost into variable cost
Solution overview (on-premise to cloud)
• Secure Virtual Storage
• Secure Cloud Applications
• Secure Cloud-Based Identities and Transactions
• Secure Virtual Machines
• Secure Cloud-Based Communications
• Secure Access to SaaS
Thanks
Anubhav Tyagi, Sr. Solutions Architect (India & SAARC)
Anubhav.Tyagi@safenet-inc.com