Date posted: 16-Jul-2015
Category: Technology
Uploaded by: mark-nunnikhoven
SECURITY OF THE CLOUD: a provider's view of security
@marknca
Mark Nunnikhoven, Vice President, Cloud & Emerging Technologies, Trend Micro
Modelling security for the cloud
TRADITIONAL RESPONSIBILITY
Physical, Infrastructure, Network, Virtualization, Operating System, Application, Data
SHARED RESPONSIBILITY
Physical, Infrastructure, Network, Virtualization, Operating System, Application, Data
Service Options
Verify
Physical
Network
Virtualization
Operating System
Application
Data
DIY, IaaS, PaaS, SaaS
*you
Less responsibilities
CONSUMER
More responsibilities
PROVIDER
Less responsibilities
More responsibilities
OF THE CLOUD
SHARED RESPONSIBILITY
Physical, Infrastructure, Network, Virtualization
Operating System, Application, Data
Physical, Infrastructure, Network, Virtualization
SaaS
PaaS
IaaS
PHYSICAL
Multiple data centres per region
Multiple regions available [ 11 | 17 ]
Operation endpoints around the world
AWS: http://aws.amazon.com/about-aws/global-infrastructure/
Azure: http://azure.microsoft.com/en-gb/regions/
INFRASTRUCTURE
Redundant interconnects
Hardline connects to customers
Redundant power, HVAC
AWS: http://aws.amazon.com/directconnect/
Azure: http://azure.microsoft.com/en-gb/services/expressroute/
NETWORK
Publicly accessible, known IPv4 space
IPv6 support (*AWS ELB only)
Private routing, subnet, ACLs
VIRTUALIZATION
Process isolation [ Xen, Hyper-V ]
Image integrity
Resource isolation
Verify
AWS
More details at http://aws.amazon.com/compliance/
Current certifications
PCI DSS Level 1; SOC 1/ISAE 3402; SOC 2; SOC 3; ISO 9001; IRAP (.au); FIPS 140-2
CJIS; CSA; FERPA; HIPAA; FedRAMP (SM); DoD CSM 1-2, 3-5; DIACAP
ISO 27001; MTCS 3; ITAR; MPAA; G-Cloud; Section 508/VPAT; FISMA
Azure
More details at http://azure.microsoft.com/en-us/support/trust-center/compliance/
Current certifications
PCI DSS Level 1; SOC 1/ISAE 3402; SOC 2; SOC 3; ISO 9001; IRAP (.au); FIPS 140-2; ISO 27002; CCCPPF
CJIS; CSA; FERPA; HIPAA; FedRAMP (SM); DoD CSM 1-2, 3-5; DIACAP; EU Model Clauses; MLPS (.cn)
ISO 27001; MTCS 1; ITAR; MPAA; G-Cloud; Section 508/VPAT; FISMA; FDA 21 CFR
FOCUS
Certifications
PCI DSS Level 1; SOC 2/3; SOC 1/ISAE 3402
FOCUS
Certifications
Security Security Baseline
PCI DSS Level 1 SOC 2 SOC 1/
AWS Compliance http://aws.amazon.com/compliance/
Microsoft Azure Trust Center http://azure.microsoft.com/en-us/support/trust-center/
Just because the provider is certified doesn’t mean your deployment will be. You have work to do.
Anonymous AWS employee
Options : Responsibilities
TREND MICRO’s DEEP SECURITY
Anti-malware
Content filtering
Firewall
Intrusion Prevention
Integrity Monitoring
Log Inspection
Learn more at aws.trendmicro.com