Cloud Security Design Considerations
Kavis Technology Consulting
What level of security is required
Security and Cloud Service Models
It’s all You!
Public Clouds
Vendor supplies …
- Infrastructure Security
You do this
Vendor supplies …
- Application Stack Security
- Infrastructure Security
You do this
Vendor supplies …
- Application Security
- Application Stack Security
- Infrastructure Security
You do this
Infrastructure Security
Applications Stack Security
Application Security
User security
Security across all service models
Source: https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
Key Security Areas of Focus
Security Strategies
Centralize
Standardize
Automate
Security Actions
Application
Detection
Prevention
Policy Enforcement
“Golden” Image
Cloud Servers
Deploy
Policy Enforcement
Client Server
Data Store
Deploy
Admin Console
Policies
Encryption
• Compliance
• Security
Usability
• Complexity
• Performance
Key Management
Applications
Users
Organizations
Account
Web Security
API Token Management
Do Not Roll Your Own
Patch Management
Monitoring
Security
Performance
Capacity
Uptime
Throughput
SLA
User metrics
KPIs
Log file analysis
Intrusion Detection
Troubleshooting
Logging
Source: http://www.thoughtworks.com/continuous-delivery
Continuous Deployments
Maintaining Consistent Environments
Automation
Manage
Track
Administer
• Self Provision
• Charge Back
• Access Control
• Policies
• Audits
ID Management
Centralized
LDAP
Facade
Entity 1 Entity 2 Entity n
CSP 1 CSP 2 CSP 3
Use Cases
• Business to Business
• Internal customers
• Known Customers
Advantages
• Central control
• Roles, and groups
• Termination
ID Management
Decentralized
Use Cases
• Business to Consumer
• Open registration
• Large number of enrollees
Advantages
• Must accept terms
• Simple integration with Partners
Source: http://static.springsource.org/spring-social/docs/1.0.x/reference/html/serviceprovider.html
Thank You
For details on this topic and others go to my blog
www.Kavistechnology.com
Images courtesy of www.thinkstockphotos.com