SECURITY AS A SERVICE: CHALLENGES AND UNDERSTANDING

TELECOM PARIS TECH- FRANCEFOUAD GUENANE

26/02/2015

AGENDA Context Security As A Service Hybrid Deployment Architecture Cloud Based Deployment Architecture Futur works Conclusion

Context In 2013, 60% of companies were DDoS-attacked, up

from 35% experiencing a disruptive attack in 2012 (Neustar Annual Report 2014)

87% of companies attacked were hit multiple times In 2013, 74% of companies reported that DDoS attacks

lasted less than a day (16% between 1-2 days). Attacks between 1-5 Gbps represent approximately 20%

(One amplification attack this year measured 400 Gbps)

Context DDoS drains manpower: over half of businesses (57%)

need 6 or more people to mitigate DDoS attacks For small and medium businesses (up to 5 Mbps of Internet

connectivity): Deployment and maintenance are estimated to $116,075 for

the first year An annual cost of $108,200

Hence, there is a growing interest in outsourcing security services to a Cloud provider in order to reduce firewall management and deployment costs

Security As A Service Security-as-a-service (SaaS) is an outsourcing

model for security management. Typically, Security as a Service involves

applications such as anti-virus software delivered over the Internet

But the term can also refer to security management provided in-house by an external organization. (Cloud Security Alliance)

Security As A Service

First line of defense Expensive costs which

include: Human resources and

training Maintenance, updates and

the price of licenses Deployment costs

Limited resources

High availability Ability to add or remove

firewalls dynamically Increase in processing

capacity (Throughput) Centralized or distributed

management Provisioning of resources

(needs)

Physical Firewall Virtual Firewall

Hybrid Deployment Architecture

Hybrid Deployment Architecture

We explore two mechanisms:

Secure Forwarding Architecture Secure Sharing Architecture

9

Secure Forwarding Architecture

9

10

Secure Forwarding Architecture

10

Cloud Based Deployment Architecture

Cloud Based Deployment Architecture

The general model proposed looks like a huge proxy or proxy server and consists of three main components:

Front Gatew

ay

Instances de

Firewall

Back Gatew

ay

Cloud Based Deployment Architecture

Futur Projects Security and Privacy in Cloud governance Inter-Cloud (interconnection of Cloud

Provider) RFID Technologies for Tracability Green Computing …etc.

Conclusion Innovative architecture to effectively manage

the performance and reliability in a cloud-based firewall

Encouraging and promising preliminary results network administrators could manage their

infrastructure with the expertise of their Cloud provider for better exploitation