
Cloud Security & Standardization · Glen Koskela, CTO Nordic 12 Copyright 2011 FUJITSU Security...

Date post: 30-May-2020
Copyright 2011 FUJITSU Cloud Security & Standardization, Markku Siltanen, Information Security Consultant, CISA, CGEIT, CRISC
Transcript

Cloud Security & Standardization
Markku Siltanen
Information Security Consultant
CISA, CGEIT, CRISC

Cloud computing

Characteristics of cloud

- High anonymity due to lack of contract statements
- High risk of third party’s attacks through the Internet
- Huge impact of one incident to multiple consumers
- High risks of harmful individuals using enormous resources
- Possibility that customers’ assets may be seized or investigated by law-enforcement agencies
- Difficulty of proving data being lawfully treated

Security defence in depth in the cloud

Cloud threats

- Abuse and malicious use of cloud
- Insecure interfaces and APIs
- Malicious insiders
- Shared technology issues
- Data loss or leakage
- Account or service hijacking
- Unknown risk profile
- Browsers and their very complicated environments

Typical cloud related security risks

- Attacks from outside against ICT resources in the cloud: Effects of cyber terrorism, malicious scans and DDoS can be considerable
- Attacks to the outside using cloud as a steppingstone: Cloud as a tool for mounting attacks on sites outside the cloud
- Attacks on cloud users from ICT resources within the cloud: EDoS attacks to cause monetary losses and information leaks caused by unauthorized data transfers
- Incidents internal to cloud service providers: Malicious actions by individuals or mistakes in operation
- Malicious use of cloud ICT resources: Making use of ICT resources in the cloud for engaging in some sort of criminal behavior
- Incidents in the cloud not related to attacks: Power outages, sw/hw faults, other unexpected incidents

Cloud security focus areas

- Confidentiality: Data residency; Access control
- Integrity: Ensuring data has not been tampered with; Compliance; Trust and reputation; Acceptable use policies; Certification; Auditing; E-Discovery; Mergers & acquisitions; Data protection
- Availability: Business continuity; Disaster recovery; DDoS etc.; Regime for patching, security updates etc.; Up-time commitments; System performance commitments

Shared responsibilities – management

Shared responsibilities – operation

Shared responsibilities – technology

Cloud standardization

- Traditional IT standards organizations and industrial alliances represented by DMTF, OGF and SNIA (and NIST)
- Traditional telecommunications and Internet standards organizations represented by ITU, ISO, IEEE and IETF
- Emerging standards organizations represented by CSA, OCC and CCIF
- Issue: wide ranges of related standardization
  - Network, storage, server, operations mgmt, authentication, security, etc.
- Fujitsu is engaged in DMTF/CMDBf, DMTF/CMWG, DMTF/CIM-RS, OASIS/SAF, OGF/OCCI, CSA, JTC1/SC38, etc.
  - DMTF board, OGF board, OASIS SAF WG chair, JTC1/SC38 (vice chair)

Fujitsu Cloud CERT

Centralized monitoring and vulnerability assessment

- Fujitsu Cloud CERT monitors the IDS/IPS of each FGCP/S5 cloud and executes vulnerability scanning tests
- Security monitoring for 24 hours x 7 days by operators
- Real-time alerting when an intrusion is detected
- Monthly statistical report of attacks against the service environment
- Providing the archived IDS log when a security incident occurs on the service

Security Countermeasures (FGCP)

SLA of 99.99% system availability and confidentiality & integrity for business needs

- Authentication & ID management: Authentication method using client certificates and PIN. Thoroughgoing identity management and confidential information management using LDAP.
- Access control: VLAN based logical isolation. Access control based on roles.
- Audit trail management: Log management from viewpoints of "Management", "Control", and "Security".
- Centralized management: Centralized control of customers’ environment & events using integrated management console.
- Encryption & key management: Adopting client certificates issued with a government recommended algorithm. Managing Certificate Revocation List (CRL).
- Design of availability: Availability based on redundant cabinet. Complete redundancy of parts, components, and networks.
- Physical security: Certified as the first data center to receive the AAA (top rating) grade from I.S.Rating Co., Ltd, a company specializing in rating information security.

Data masking technology (under dev’t)

Filters and obscures sensitive information exchanged among clouds, based on anonymization technology

Strong authentication as a Service (dev’t)

We plan to make it feasible to authenticate groups on the scale of 10 million people; rapid multimodal biometric identification
