Date post: | 03-Jan-2016 |
Category: |
Documents |
Upload: | matilda-garrison |
View: | 216 times |
Download: | 0 times |
SECURITY AS A SERVICE: CHALLENGES AND UNDERSTANDING
TELECOM PARIS TECH- FRANCEFOUAD GUENANE
26/02/2015
AGENDA Context Security As A Service Hybrid Deployment Architecture Cloud Based Deployment Architecture Futur works Conclusion
Context In 2013, 60% of companies were DDoS-attacked, up
from 35% experiencing a disruptive attack in 2012 (Neustar Annual Report 2014)
87% of companies attacked were hit multiple times In 2013, 74% of companies reported that DDoS attacks
lasted less than a day (16% between 1-2 days). Attacks between 1-5 Gbps represent approximately 20%
(One amplification attack this year measured 400 Gbps)
Context DDoS drains manpower: over half of businesses (57%)
need 6 or more people to mitigate DDoS attacks For small and medium businesses (up to 5 Mbps of Internet
connectivity): Deployment and maintenance are estimated to $116,075 for
the first year An annual cost of $108,200
Hence, there is a growing interest in outsourcing security services to a Cloud provider in order to reduce firewall management and deployment costs
Security As A Service Security-as-a-service (SaaS) is an outsourcing
model for security management. Typically, Security as a Service involves
applications such as anti-virus software delivered over the Internet
But the term can also refer to security management provided in-house by an external organization. (Cloud Security Alliance)
Security As A Service
First line of defense Expensive costs which
include: Human resources and
training Maintenance, updates and
the price of licenses Deployment costs
Limited resources
High availability Ability to add or remove
firewalls dynamically Increase in processing
capacity (Throughput) Centralized or distributed
management Provisioning of resources
(needs)
Physical Firewall Virtual Firewall
Hybrid Deployment Architecture
Hybrid Deployment Architecture
We explore two mechanisms:
Secure Forwarding Architecture Secure Sharing Architecture
9
Secure Forwarding Architecture
9
10
Secure Forwarding Architecture
10
Cloud Based Deployment Architecture
Cloud Based Deployment Architecture
The general model proposed looks like a huge proxy or proxy server and consists of three main components:
Front Gatew
ay
Instances de
Firewall
Back Gatew
ay
Cloud Based Deployment Architecture
Futur Projects Security and Privacy in Cloud governance Inter-Cloud (interconnection of Cloud
Provider) RFID Technologies for Tracability Green Computing …etc.
Conclusion Innovative architecture to effectively manage
the performance and reliability in a cloud-based firewall
Encouraging and promising preliminary results network administrators could manage their
infrastructure with the expertise of their Cloud provider for better exploitation