Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
1 like752 views
The document summarizes a security POC conducted by the ODCA to test provider assurance requirements for different cloud assurance levels (bronze, silver, gold, platinum). It discusses the challenges in implementing the requirements, outlines the testing methodology used, and summarizes the results and impact. Currently, no service providers are meeting all the requirements for gold-level assurance. The POC highlighted the need to refine both the usage models and RFP requirements to better enable adoption of these tiered security offerings.
Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
- 1. Security POC June 12, 2012 Matt Lowth Jeffrey Deacon Albert Caballero Principal Security Architect Chief Cloud Strategist Chief Technology Officer 1
- 2. 2
- 3. NAB and the ODCA About Us NAB and the ODCA National Australia Bank Group (the Group) is a financial services Part of the ODCA as a Steering organisation with over Committee Member since 2010. 12,000,000 customers and Chair of Security Workgroup and 50,000 people, operating more helped develop Security Usage than 1,750 stores and Service Models. Centres globally. Currently developing our Internal Private Cloud Capability. 3
- 4. Challenges and Role of Usage Models Challenges Usage Models • Common understanding • Usage models developed of security standards to overcome these issues is a big hurdle to enterprise cloud adoption • Provider assurance • Very difficult to determine • Security monitoring “what is secure” • Bronze/Silver/Gold/Platinum 4
- 5. ODCA Proof of Concept Process Pre-engagement Project Project Project Match Making Planning Execution Closure • SP checklist • Generate/Agree on • Acquire equipment, • Reports submitted statement of work SW, and licensing • WG feedback • Members select SP • Determine PM • Configure Test bed method • Demos • Initiate kick-off • Execute test meeting • Generate test plan plan/document • Other • WG, steering comm. • WG approval notified of test plan REAL WORLD SOLUTIONS built on industry driven guidelines PM = Project Management, SP= Solution Provider, SW = Software, WG = Work Group, 5
- 6. ODCA Security POC Usage Model Security Provider Security Assurance Monitoring • 26 security requirements • Requires proof of achieving requirements • 8 test cases • 2 success scenarios 6
- 8. Terremark Vision for Enterprise Cloud Core Capabilities Purpose-Built Data Centers Secure and Isolate Customer Data Automated and Efficient Programmable with Application Services Attributes Global Extensible Hybrid Capability Service Levels Simplicity of Use Predictability and Control Investment Expansion Expertise and People Globally Delivered New Solutions and Markets from World-Class Facilities 8
- 9. Virtual Farm with Intelligent Networking The Building Block of Your Environment The virtual farm creates the individual customer network construct and delivers a secure and resilient configuration to access and protect customer data. Directly provisioned from the portal Virtual Farm N Virtual Carves out secure access to resources Load Balancer and creates customer VLAN Virtual Firewall Every virtual farm contains: • Virtual Firewall DMZ Network • Virtual Load Balancer Trusted (Public IP-Facing) Network Two-tiered networking space: Server Server • Trusted network accessible only to other CaaS servers Resources Resources • DMZ network can be configured for Public IP-facing applications Virtual Farm is key part of security story Storage 9
- 10. ODCA Gold Provider Assurance Terremark Verizon Managed Cloud Cloud Subscriber Security Infrastructure Internet CP Firewall 01 ODCA Gold Remote Connections Name: CP Bastion 02 Name: CP Bastion 01 Firewall 01 CP Load Server OS: RH Linux Server OS: Windows 2003 Balancer Remote Sites Role: Remote Access Role: Remote Access DMZ CP Firewall 02 SecApp02 SecApp01 WebApp02 WebApp01 Server OS: Windows 2003 Server OS: Windows 2008 Server OS: RH Linux Server OS: RH Linux Role: ODCA Gold Demos Role: Security Management Role: Application Server Role: Application Server ODCA Gold Firewall 02 Internal Network SecMgmt01 SecScanner01 SecSIEM01 SecPol01 SecDB01 Server OS: Windows 2003 Server OS: Windows 2003 Server OS: Windows 2008 Server OS: Windows 2008 Server OS: Linux Red Hat 5.6 Role: Directory Services Role: Vulnerability Scanner Role: Log Management Role: Policy Management Role: Database Server 10
- 11. 11
- 12. Testing Methodology 1. Assess Provider Assurance Requirements 2. Identify Security Technologies and Provider Policies Needed to Support the Solution 3. Implement ODCA Solution: • Trapezoid Interoperability Lab • Terremark Managed VMware Cloud • Applied Innovations HyperV Cloud 4. Security Monitoring 12
- 13. ODCA Gold Assurance: Challenges Providers don’t perform Proof of Concepts Steps many of the security requirements yet 1. Multiple service providers 2. 8 test cases covering provider assurance requirements Surfacing data from tools that aren’t truly multi- 3. Subscriber validation of tenant requirements 4. Also designing a portal that All security requirements provides a web interface to needs to be in place prior to tools that have multiple views the security monitoring and reports for Platinum ODCA reports 13
- 14. ODCA Gold Assurance: Results Currently no service providers are meeting all of the requirements Service Providers must work more closely with cloud subscriber Third party security providers can help facilitate the process by adding layers of security required by each assurance level 14
- 15. Impact of PoC Elements of usage model Usage model developed well defined, however some with best intention controls difficult to assess and/or implement Further refinement of the Purpose of the PoC was usage model to come to allow to determine whether the the more broad adoption standards we’d created of these tiered offerings, were implementable including distinction between managed/unmanaged service 15
- 16. RFP / Adoption Additional refresh of usage model to take into account results of the PoC RFP requirements also refined as part of this process Your Opportunity: Learn from this POC to form your organizational strategy. Demand secure and standard solutions based on ODCA requirements 16
- 17. Thank You 17
- 18. Resources Learn the latest about ODCA requirements PRIORITIZE at www.opendatacenteralliance.org Use ODCA PEAT Tool for Upcoming RFPs DELIVER Explore the Latest Solutions at ODCA's Cloud Expo Showcase Booth #411 Actively Participate in Today's Sessions #Forecast12 SHARE Scale your Knowledge with ODCA MEET