DESCRIPTION
Everyone knows that there are risks associated with moving enterprise data to a cloud, and everyone knows the huge potential that Big Data analytics can bring, especially when using the cloud. But what happens when these two converge? The presentation will discuss some of the security and privacy challenges associated with Big Data in the cloud and will present a number of key initiatives that the ODCA has undertaken to support enterprises that wish to take this step. To listen to the webinar based on this presentation with audio, please visit the ODCA BrightTalk channel: https://www.brighttalk.com/webcast/9831/109843
BIG DATA, CLOUD, SECURITY, AND ODCA USAGE MODELS
Ian Lamont, BMW AG
ODCA Big Data and Security Seminar | 2
BIG DATA (WIKIPEDIA)
Big Data is the term for a collection of data sets
so large that it becomes difficult to process
using hands-on database management tools
and processing applications. The challenges
include capture, curation, storage, search,
sharing, transfer, analysis, and visualisation.
CHALLENGES
• Privacy (particularly in Europe)
  - Security
  - Valid and fair usage
  - Right to be forgotten
  - Jurisdiction
BIG DATA SECURITY
PLATFORM SECURITY
• Provider Assurance Usage Model
  - Provides standard definitions of Security for Cloud Services
  - Bronze, Silver, Gold, and Platinum.
  - Mirror internal security levels to external requirements.
NETWORK AND FIREWALL ISOLATION
Network segregation and firewalls are required to protect all assets managed in the cloud. The level of involvement of the cloud provider in the management of firewall rule sets will vary depending on the level of service offered.
Bronze: The firewall rule sets are managed by the cloud provider with no direct involvement of the cloud subscriber.
Silver: The firewall rule sets are managed by the cloud provider with changes advised to the cloud subscriber before implementation. The cloud provider should offer network segmentation between logical tiers.
Gold: The firewall rule sets are managed by the cloud subscriber. The cloud provider retains access to the firewall at the administrator level in order to provide system maintenance. The cloud provider must offer network segmentation between logical tiers and should offer Layer-7 protection to prevent application-level attacks.
Platinum: The cloud provider has no access to firewalls. All admin tasks including rule updates are managed by the cloud subscriber. The cloud provider must offer network segregation between logical tiers and Layer-7 protection to prevent application-level attacks.
VULNERABILITY MANAGEMENT
A vulnerability management process must ensure installation of system and software patches within the targets identified below. The test process must ensure proper function of the patch and compatibility with the actual target systems, with no negative impact on resource utilization (i.e., memory and CPU consumption).
Bronze: Vulnerabilities with a basic Common Vulnerability Scoring System (CVSS) score of greater than 9 (or those rated as High by Microsoft or other vendors) must be patched within 96 hours; all others within 1 month.
Silver: Vulnerabilities with a basic CVSS score of greater than 5 (or those rated as Medium or High by Microsoft or other vendors) must be patched within 96 hours; all others within 1 month.
Gold: Vulnerabilities with a basic CVSS score of greater than 2 (or those rated as Low, Medium, or High by Microsoft or other vendors) must be patched within 96 hours; all others within 1 month.
Platinum: All vulnerabilities must be patched within 24 hours of their release by the vendor.
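The tier rules above applied to a patch inventory, as an added example that is not part of the original presentation or of ODCA material. It assumes "1 month" means 30 days and that every window starts at the vendor's release time; the finding IDs and dates are constructed.

```python
from datetime import datetime, timedelta, timezone

# Tier rules from the slide: (CVSS threshold, vendor ratings that trigger the 96-hour window)
TIERS = {
    "bronze": (9.0, {"high"}),
    "silver": (5.0, {"medium", "high"}),
    "gold": (2.0, {"low", "medium", "high"}),
}
URGENT = timedelta(hours=96)
ROUTINE = timedelta(days=30)    # assumption: "1 month" read as 30 days
PLATINUM = timedelta(hours=24)  # every vulnerability, counted from vendor release


def patch_window(tier, cvss=None, vendor_rating=None):
    """Allowed time-to-patch for one vulnerability under the given tier."""
    tier = tier.lower()
    if tier == "platinum":
        return PLATINUM
    threshold, ratings = TIERS[tier]
    by_score = cvss is not None and cvss > threshold  # "greater than", so 9.0 is not > 9
    by_vendor = (vendor_rating or "").lower() in ratings
    return URGENT if (by_score or by_vendor) else ROUTINE


def sla_breaches(tier, findings, now):
    """IDs of findings patched after their deadline, or unpatched past it."""
    late = []
    for f in findings:
        # Assumption: the clock starts at the vendor's release time for all tiers.
        deadline = f["released"] + patch_window(tier, f.get("cvss"), f.get("vendor_rating"))
        effective = f.get("patched") or now  # unpatched items are judged as of `now`
        if effective > deadline:
            late.append(f["id"])
    return late


def _day(d):
    return datetime(2024, 1, d, tzinfo=timezone.utc)

# Constructed sample inventory (placeholder IDs, not real advisories).
SAMPLE = [
    {"id": "VULN-A", "cvss": 9.0, "released": _day(1)},
    {"id": "VULN-B", "cvss": 9.8, "released": _day(1), "patched": _day(4)},
    {"id": "VULN-C", "vendor_rating": "High", "released": _day(1), "patched": _day(6)},
    {"id": "VULN-D", "cvss": 1.5, "vendor_rating": "Low", "released": _day(1)},
]

if __name__ == "__main__":
    for tier in ("bronze", "silver", "gold", "platinum"):
        print(tier, sla_breaches(tier, SAMPLE, now=_day(10)))
```

The same inventory passes or fails depending on the tier contracted: a score of exactly 9.0 falls into the 1-month window under Bronze but the 96-hour window under Silver, and a vendor rating alone can trigger the shorter window when no CVSS score is available.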
PLATFORM SECURITY
BIG DATA SECURITY
DATA SECURITY
• Encryption
  - Data at Rest
  - Data in Transit
• Data Masking
  - Anonymization and Pseudonymization
• Access Methods
  - User type profiling
• Backup, Restore, and Archiving
DATA LIFECYCLE
ACCESS POINTS
DATA FLOW 1
DATA FLOW 2
IDENTITY AND ACCESS MANAGEMENT
• Identity Provisioning
• Governance and Auditing
• Privileged User Access
• Single Sign On
IDM BASIC MODEL
IDM CLOUD MODEL
IDM GOVERNANCE
OTHER ODCA COLLATERAL
• Security Monitoring
• Interoperability
• Guide to
• SaaS Interoperability
• Information as a Service
• also Data Mgmt for Info_aaS
• and much more ……
OTHER PROBLEMS / CHALLENGES !!!
• e-Discovery (UM coming soonish)
• Data Ownership
• plus anything else you can think of !
MORE INFORMATION AND ASSETS
Standardized Response Checklists
Accelerate TTM
Shared Practices Drive Scale
Streamlined Requirements
Accelerate Adoption
Available to Members at: www.opendatacenteralliance.org
URL for Public content: www.opendatacenteralliance.org
Go forth (securely) and Big Data
QUESTIONS
Artist: Thierry Gregorius
Thank you
Kiitos
Merci
Gracias
Danke
Grazie
Arigato Gozaimas
www.opendatacenteralliance.org