SlideShare a Scribd company logo

Cloud Security POV_Final (by KM)

K
Khiro Mishra

NTT DATA provides comprehensive cloud security services to help organizations securely adopt cloud technologies. Their solutions address challenges such as multi-tenancy, workload isolation, and extending on-premises security policies to public and private clouds. Key services include identity and access management, encryption of data in motion and at rest, vulnerability scanning, auditing and logging, and managed firewalls, intrusion detection/prevention, and security monitoring. NTT DATA helps customers navigate public and private cloud options and ensures security across cloud deployments.

1 of 6
Download to read offline
1
2
3
4
5
6
NTT DATA welcomed Dell Services into the family in 2016. Together, we offer one of the industry’s most comprehensive services portfolios designed to modernize business and technology to deliver the outcomes that matter most to our clients. Cloud Security An NTT DATA Services point of view by Khirodra Mishra
2 Executive summary Today, organizations focus more on services that deliver bottom-line results and less on the procurement and management of systems. As the pressure increases on IT to provide on-demand services that are agile, elastic and secure, more and more organizations are turning to the cloud. Cloud allows organizations to reinvent the way they deliver IT services to drive better business results. According to Gartner, private cloud has moved from an aspiration to a reality for nearly half of large enterprises in the past few years.1 And hybrid cloud computing isn’t far behind. While enterprises crave the resiliency, predictability, data integrity, resource pooling, virtualization, elasticity and cost transparency of private cloud, they also want the flexibility to connect with public clouds. According to a recent survey, 82% of enterprises have a hybrid cloud strategy — up from 74% in 2014.2 But while cloud grows in popularity, it also introduces new security challenges. To protect mission-critical applications and data stored in the cloud, organizations need a comprehensive cloud security strategy. This white paper explores NTT DATA Security Services’ end-to-end security solutions and how they safeguard critical data from external attacks and inside security breaches, reducing the risk of lost, damaged or stolen information. Demystifying cloud and cloud security According to the National Institute of Standards and Technology (NIST), cloud infrastructures come in a variety of deployment models, including public, private, community and hybrid. They also define three distinct cloud delivery models: software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS).3 Cloud solutions provide organizations with on-demand, self-service capabilities that include broad network access, resource pooling, rapid elasticity and measured or billable services. Multi-tenancy, another key aspect of cloud deployments, can reduce capital expenditure and operating costs, but it also increases the need for cloud security. Multi-tenancy enables the sharing of available resources by multiple consumers. This can lead to the possibility of another tenant having access to an organization’s residual data or operational information, posing a significant security risk. While a public cloud can have several tenants, a private cloud is often dedicated to one enterprise or organization, making workload isolation less of a security concern than in public cloud. In a cloud environment, cloud providers and tenants have varying degrees of control over computing resources, and both parties share the responsibility of providing adequate protection for their cloud-based systems. This shared responsibility has been acknowledged by leading standards organizations, such as NIST and the Cloud Security Alliance, as well as major private and public cloud providers. Cloud services provide flexibility, fast provisioning and quicker go-to-market appeal. However, because of the cloud service models employed and the technologies used to enable cloud services, cloud computing presents different security risks and challenges to an enterprise when compared to a traditional IT environment. Deployment models Delivery models Essential cloud characteristic SaaS Software as a service PaaS Platform as a service IaaS Infrastructure as a service Private Community Public Hybrid On-demand service Broad network access Resource pooling Rapid elasticity Measured services Figure 2: The cloud reference model Figure 1: Cloud deployment and delivery models
3 If you are planning to start or are already taking advantage of cloud deployments, are you confident that you have the right security measures in place? The NTT DATA point of view on cloud security Cloud security is a comprehensive set of policies, processes and tools used to protect data and applications running on private and public cloud infrastructures. While security is a shared responsibility, Security Services can help organizations take the complexity out of cloud deployment. We provide seamless management and support for cloud security, backed by in-depth experience, proven tools and certified trained consultants and security experts. Our services analyze, design, deploy, manage and extend enterprise security policies on behalf of the enterprise — from on-premises to private and public cloud deployments. With industry-accredited security tools, NTT DATA Security Services enable proactive monitoring, log and event analysis, incident reporting, and rapid containment and eradication of threats. Our solutions significantly minimizes the duration and impact of a security breach in a private or public cloud environment. Key pillars of cloud security There are two critical security challenges when moving workloads to a cloud environment. The first is how to safely and securely access workloads in a cloud environment, while the second and bigger challenge is how to extend the on-premises enterprise security policies to the cloud. Security Services utilize the following strategies to overcome these challenges: • Host defense: Whether workloads are running on-premises or in the cloud, an organization needs to harden the virtual machine (VM) by using host-based protection such as anti-virus, anti-spyware and host intrusion prevention system (IPS) software. This can be further complemented by providing web content filtering and host log monitoring capabilities. • Visibility and access control: Manage user accounts and provide authentication, authorization and accounting, by adding a layer of protection and securing network infrastructure and application workload. • Encryption: Encrypt if it’s relevant at the data, workload and transport levels. Encryption provides a new boundary that secures enterprise assets wherever they are. But at the same time, too much encryption may lead to additional compute overhead and may prevent benefits derived from technologies such as wide-area network (WAN) optimization. • Operational simplification and visibility: Security needs to be consistent, transparent and operationally simple to manage — whether workloads are running in the data center, in a private cloud or on a public cloud infrastructure. Managed cloud security capabilities As cloud security is a collaborative responsibility from infrastructure to application security, Security Services work with organizations to empower them to take full control of security management of everything above the hypervisor in a cloud environment — from anti-malware and security administration to OS patch management and encryption. Identity and access management Identity and access management (IAM) is a critical aspect of running a secure cloud environment. Our Security Services use identity management and Active Directory tools provided by industry-accredited vendors such as Microsoft and SailPoint to offer a role-based access control (RBAC) scheme for cloud administrators based on their job function, privilege and duties. Along with RBAC, a centralized auditing and logging solution is also offered to track all aspects of user and role management. Figure 3: Cloud security – a shared responsibility
4 Guest operating system patching Security Services offer a comprehensive patch management solution by utilizing tools, such as Microsoft System Center Configuration Management, to optimize patching schedules. This allows organizations to download patches only when and as needed, optimizing the overall OS and application performance, and eliminating the need to manage patches that are not applicable. Encrypting data at rest and in motion Encryption can protect data in motion (also referred to as encryption in transit) as well as data at rest or in storage. Through strategic partnerships, NTT DATA offers organizations a scalable solution that can easily encrypt any file, database or application anywhere it resides on supported operating systems and file systems at the workload or transport level. This means organizations aren’t sacrificing application performance with complex management processes — while also ensuring all user data is completely opaque to underlying providers and other tenants. Transport-level encryption complements application-level encryption by implementing a virtual private network using either IPsec or SSL for connecting the enterprise on-premises network with the cloud infrastructure. Vulnerability scanning Vulnerabilities emerge every day within networks, web applications and databases, whether they are on-premises or in a cloud environment. Assessments help pinpoint vulnerabilities arising from system software shortfalls and system misconfigurations. Our Security Services include a vulnerability assessment using tools, such as Critical Watch and Qualys, to provide programmatic identification, analysis and reporting of technical security vulnerabilities that an unauthorized person could use to exploit the confidentiality, integrity and availability of data and information systems. Auditing and logging NTT DATA assists organizations with securing their access control using high- performance security information and event management (SIEM) technology for enhanced log analysis and event monitoring. We also help organizations analyze logs generated by public cloud services, such as Amazon Web Services (AWS), AWS CloudTrail and Amazon CloudWatch. This includes logs for events such as configuration, hardening and patching of the OS and applications, as well as all events related to the access of applications running in a cloud environment. Proactive monitoring and auditing ensure compliance, change control and auditing, and improve operations and development processes. Applications, infrastructure and network monitoring Security Services offer operational awareness of applications, infrastructure and networking elements with continuous monitoring, correlation and assessment of alerts in real time. We monitor applications using SIEM tools, and integrate SIEM interfaces with strategic partner tools to perform infrastructure monitoring. Our process uses the cloud provider’s application programming interfaces (APIs) to monitor, log and control all aspects of the organization’s cloud infrastructure. Endpoint security Security Services also offer managed anti-virus, data encryption, host IPS and vulnerability assessments to protect endpoints and workloads from spyware, trojans, viruses and worms, as well as prevent unauthorized access to an organization’s data by utilizing enterprise- grade host anti-malware solutions. In addition, we provide host-based firewalls for mitigating the risk of unauthorized access across workloads running on the same hypervisor. Figure 4: Our suite of managed cloud security services
5 Firewall Firewalls provide a first line of defence between the organization, the internet and their cloud environment. Firewall Services by NTT DATA send firewall events to the SIEM for review and correlation with other events in the environment. Our certified engineers perform periodic firewall rules optimization to ensure the complex firewall rule sets provide the expected protection of an organization’s cloud environment. Intrusion detection and prevention A managed intrusion detection system (IDS) and IPS protects against attacks originating from the internet and ensure that other public cloud tenants don’t gain unauthorized access to an organization’s cloud workloads or data. The IDS and IPS can also send event information to the SIEM, providing our security operations center analysts with additional information that allows them to properly evaluate security events and threats. Security strategy and risk management Security Services also assists enterprises with information security managers (ISMs), certified professionals who oversee cloud security programs and orchestrate the delivery of information security services. ISMs act as an organization’s trusted partner, collaborating with the organization to understand, anticipate and recommend risk mitigation strategies, while providing information security protection for the organization’s assets. NTT DATA Dedicated Cloud NTT DATA helps organizations confidently navigate complex cloud landscapes with solutions in either their data center, an NTT DATA data center or hosted using public cloud. This allows the most sensitive, mission-critical workloads to run in a highly secure, dedicated IT environment — without daily management and maintenance. NTT DATA Dedicated Cloud is designed to serve as an extension of an organization’s data center. With familiar management tools, an organization can quickly begin using the service without having to learn new interfaces or modify processes. Common data center tasks, such as OS management and backup and recovery administration, have never been easier. Our services provide a managed cloud infrastructure that is compatible with the IT Infrastructure Library-based operational processes an organization currently has in place. Our global onboarding team collaborates with the organization’s staff to provide an effortless onboarding experience. Our expert project managers and technical consultants are also available to guide organizations and provide technical support. Security in NTT DATA Dedicated Cloud Information security is one of the main components of Dedicated Cloud. IT security services provide protection across the network, safeguarding the perimeter, critical internal assets, data, remote users, clients and partners. Our security teams provide key controls for regulations, including the Gramm-Leach- Bliley Act, the Payment Card Industry Data Security Standard, the Sarbanes- Oxley Act, the Health IT for Economic and Clinical Health Act, the Health Insurance Portability and Accountability Act and ISO 27001/27002. Information security for Dedicated Cloud acts as a mature and integrated program that constantly evolves in order to fight against new threats and protect an organization’s assets. NTT DATA Cloud On Demand We understand that flexibility and freedom of choice are critical, and a single technology or vendor doesn’t meet all your requirements. A key aspect of our cloud strategy, NTT DATA Cloud On Demand gives you access to a portfolio of public cloud solutions for a variety of cloud needs spanning compute, storage and hosted exchange. This is possible through our extensive, global partner ecosystem, which allows you to take advantage of cloud capabilities through proven cloud providers that offer a wide range of use cases, technologies, solutions and pricing models to meet your needs. You can take advantage of world-class security solutions below the hypervisor from proven cloud providers such as AWS and Microsoft Azure. Partnering to win Our partner-centric approach ensures we provide end-to-end cloud solutions tailored to your needs that quickly deliver and demonstrate business value, flexibly align services with your business objectives, and automate core IT processes — allowing you to create new revenue streams. Making cloud a reality NTT DATA brings together all technical resources for cloud-based service delivery, and integrates and manages suppliers of separately contracted cloud services. This ensures that you don’t deal with the complexities of vendor management — and that you benefit from a single, trusted partner for your cloud solutions. Figure 5: NNT Data Dedicated Cloud integrated cloud security
As our ecosystem of cloud partners grows, we add value to our products, technologies and service offerings to meet your evolving needs. By transforming your IT to utilize the power of cloud, we can help you speed innovation, support differentiation, open up new markets, strengthen customer relationships and increase responsiveness. NTT DATA partners with clients to navigate the modern complexities of business and technology, delivering the insights, solutions and outcomes that matter most. We’re a top 10 global IT services and consulting provider that wraps deep industry expertise around a comprehensive portfolio of infrastructure, applications and business process services. © 2016 NTT DATA, Inc.  All rights reserved. 0000112016 | NTTD 2010_Cloud Security POV WP_1.indd | Rev. 1.0 Visit nttdataservices.com/managedservices to learn more. Prioritize cloud and cloud security plans Look for business needs that require flexibility, resource pools and a rapid, dynamic response. 1 Choose the right partner Ensure your needs are met with a committed, outcome-focused solution provider. 3 Maintain agility Utilize open technology and standards so you can enable the technology you want, when you want it. 2 The recipe for cloud readiness and security We believe that better security leads to better business. Designed to protect an organization’s key information assets across cloud, networks, hosts and applications, NTT DATA Security Services offer the industry’s broadest portfolio of security services to assist IT security and help IT organizations take full advantage of public and private cloud deployments. Our highly trained security experts become an extension of an organization’s in-house IT staff and provide security analysis, device and technology configuration, alert management and 24x7 monitoring. The NTT DATA approach to cloud offers access to a portfolio of public solutions for a variety of cloud needs spanning compute, storage and hosted exchange. Our extensive global partner ecosystem allows enterprises to take advantage of world-class security solutions below the hypervisor from proven cloud providers such as AWS and Microsoft Azure. References 1 Gartner Says Nearly Half of Large Enterprises Will Have Hybrid Cloud Deployments by the End of 2017. Gartner press release. October 1, 2013. http://www.gartner.com/newsroom/id/2599315 2 Cloud Computing Trends: 2015 State of the Cloud Survey. RightScale. February 18, 2015. http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2015-state-cloud-survey 3 Definitions, National Institute of Standards and Technology (NIST). http://www.nist.gov/ Figure 6: Three steps to a fully secure cloud environment Figure 7: NTT DATA cloud partner ecosystem

More Related Content

PDF
Security of the Cloud
Epoch Universal, Inc.
 
PDF
Whitepaper: Security of the Cloud
CloudSmartz
 
PDF
Cloud computing security issues and challenges
Kresimir Popovic
 
PPTX
Cloud computing and its security issues
Jyoti Srivastava
 
PPTX
Cloud computing security & forensics (manu)
ClubHack
 
PPTX
Security Issues in Cloud Computing
Jyotika Pandey
 
PDF
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Project
 
PDF
Kp3419221926
IJERA Editor
 
Security of the Cloud
Epoch Universal, Inc.
 
Whitepaper: Security of the Cloud
CloudSmartz
 
Cloud computing security issues and challenges
Kresimir Popovic
 
Cloud computing and its security issues
Jyoti Srivastava
 
Cloud computing security & forensics (manu)
ClubHack
 
Security Issues in Cloud Computing
Jyotika Pandey
 
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Project
 
Kp3419221926
IJERA Editor
 

What's hot (20)

PDF
Cloud Security
Hi-Tech College
 
PDF
Cloud security and adoption
Sudsanguan Ngamsuriyaroj
 
PPTX
Cloud Computing Security Issues
Stelios Krasadakis
 
PDF
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
Hoang Nguyen
 
DOCX
Cloud Computing Security Issues in Infrastructure as a Service” report
Vivek Maurya
 
PPT
Cloud Computing Security Issues
Discover Cloud Computing
 
PPTX
Cloud Security (Domain1- 5)
Maganathin Veeraragaloo
 
PDF
Rp059 Icect2012 E694
Sandeep Saxena
 
PDF
IRJET- Simultaneous ammunition for the multi-cloud computing simulation
IRJET Journal
 
PDF
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
IJERA Editor
 
DOC
Cloud security
Mohamed Shalash
 
PDF
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
Venkateswar Reddy Melachervu
 
PDF
Challenges with Cloud Security by Ken Y Chan
Ken Chan
 
PDF
Evaluation Of The Data Security Methods In Cloud Computing Environments
ijfcstjournal
 
PPTX
Cloud security (domain6 10)
Maganathin Veeraragaloo
 
PPT
Security Issues of Cloud Computing
Falgun Rathod
 
PDF
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Pushpa
 
PPTX
Cloud Security for U.S. Military Agencies
NJVC, LLC
 
PDF
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 
PDF
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
IJNSA Journal
 
Cloud Security
Hi-Tech College
 
Cloud security and adoption
Sudsanguan Ngamsuriyaroj
 
Cloud Computing Security Issues
Stelios Krasadakis
 
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
Hoang Nguyen
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Vivek Maurya
 
Cloud Computing Security Issues
Discover Cloud Computing
 
Cloud Security (Domain1- 5)
Maganathin Veeraragaloo
 
Rp059 Icect2012 E694
Sandeep Saxena
 
IRJET- Simultaneous ammunition for the multi-cloud computing simulation
IRJET Journal
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
IJERA Editor
 
Cloud security
Mohamed Shalash
 
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
Venkateswar Reddy Melachervu
 
Challenges with Cloud Security by Ken Y Chan
Ken Chan
 
Evaluation Of The Data Security Methods In Cloud Computing Environments
ijfcstjournal
 
Cloud security (domain6 10)
Maganathin Veeraragaloo
 
Security Issues of Cloud Computing
Falgun Rathod
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Pushpa
 
Cloud Security for U.S. Military Agencies
NJVC, LLC
 
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
IJNSA Journal
 
Ad

Similar to Cloud Security POV_Final (by KM) (20)

PDF
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
Shah Sheikh
 
PDF
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
cscpconf
 
PDF
Paper id 21201458
IJRAT
 
DOCX
Cloud computing seminar report
shafzonly
 
PDF
wp-security-dbsec-cloud-3225125
Gabor Bokor
 
PDF
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
inventionjournals
 
PDF
SECURING THE CLOUD DATA LAKES
Happiest Minds Technologies
 
PDF
CloudWALL Profile ENG
CloudWALL Italia
 
PDF
A study on_security_and_privacy_issues_o
Pradeep Muralidhar
 
PDF
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
 
PPTX
Data security in cloud computing
Prince Chandu
 
PPTX
cloud-computing--------------------.pptx
neymrsantosjr11
 
PDF
INFORMATION SECURITY IN CLOUD COMPUTING
ijitcs
 
DOCX
Why Cloud Security Matters in Today's Business World
Ciente
 
PDF
AI for cloud computing A strategic guide.pdf
ChristopherTHyatt
 
PDF
Module 5-cloud computing-SECURITY IN THE CLOUD
Sweta Kumari Barnwal
 
DOC
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
PDF
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
PDF
Cloud Data Protection for the Masses
IRJET Journal
 
PDF
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
DataSpace Academy
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
Shah Sheikh
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
cscpconf
 
Paper id 21201458
IJRAT
 
Cloud computing seminar report
shafzonly
 
wp-security-dbsec-cloud-3225125
Gabor Bokor
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
inventionjournals
 
SECURING THE CLOUD DATA LAKES
Happiest Minds Technologies
 
CloudWALL Profile ENG
CloudWALL Italia
 
A study on_security_and_privacy_issues_o
Pradeep Muralidhar
 
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
 
Data security in cloud computing
Prince Chandu
 
cloud-computing--------------------.pptx
neymrsantosjr11
 
INFORMATION SECURITY IN CLOUD COMPUTING
ijitcs
 
Why Cloud Security Matters in Today's Business World
Ciente
 
AI for cloud computing A strategic guide.pdf
ChristopherTHyatt
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Sweta Kumari Barnwal
 
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
Cloud Data Protection for the Masses
IRJET Journal
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
DataSpace Academy
 
Ad

More from Khiro Mishra (6)

PDF
Consultant's Review_Evolution of M&A in India
Khiro Mishra
 
PDF
Dataquest_Cloud Computing and the changing role of CIOs
Khiro Mishra
 
PDF
CIOL_Laying Foundation stone for transformation
Khiro Mishra
 
PDF
Dataquest_7 Cloud Enabled Business Trends
Khiro Mishra
 
PDF
Software_defines_the_future_infrastructure (1)_final
Khiro Mishra
 
PDF
Infrastructure-Strategy-for-Digital-Transformation-v3
Khiro Mishra
 
Consultant's Review_Evolution of M&A in India
Khiro Mishra
 
Dataquest_Cloud Computing and the changing role of CIOs
Khiro Mishra
 
CIOL_Laying Foundation stone for transformation
Khiro Mishra
 
Dataquest_7 Cloud Enabled Business Trends
Khiro Mishra
 
Software_defines_the_future_infrastructure (1)_final
Khiro Mishra
 
Infrastructure-Strategy-for-Digital-Transformation-v3
Khiro Mishra
 

Cloud Security POV_Final (by KM)

  • 1. NTT DATA welcomed Dell Services into the family in 2016. Together, we offer one of the industry’s most comprehensive services portfolios designed to modernize business and technology to deliver the outcomes that matter most to our clients. Cloud Security An NTT DATA Services point of view by Khirodra Mishra
  • 2. 2 Executive summary Today, organizations focus more on services that deliver bottom-line results and less on the procurement and management of systems. As the pressure increases on IT to provide on-demand services that are agile, elastic and secure, more and more organizations are turning to the cloud. Cloud allows organizations to reinvent the way they deliver IT services to drive better business results. According to Gartner, private cloud has moved from an aspiration to a reality for nearly half of large enterprises in the past few years.1 And hybrid cloud computing isn’t far behind. While enterprises crave the resiliency, predictability, data integrity, resource pooling, virtualization, elasticity and cost transparency of private cloud, they also want the flexibility to connect with public clouds. According to a recent survey, 82% of enterprises have a hybrid cloud strategy — up from 74% in 2014.2 But while cloud grows in popularity, it also introduces new security challenges. To protect mission-critical applications and data stored in the cloud, organizations need a comprehensive cloud security strategy. This white paper explores NTT DATA Security Services’ end-to-end security solutions and how they safeguard critical data from external attacks and inside security breaches, reducing the risk of lost, damaged or stolen information. Demystifying cloud and cloud security According to the National Institute of Standards and Technology (NIST), cloud infrastructures come in a variety of deployment models, including public, private, community and hybrid. They also define three distinct cloud delivery models: software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS).3 Cloud solutions provide organizations with on-demand, self-service capabilities that include broad network access, resource pooling, rapid elasticity and measured or billable services. Multi-tenancy, another key aspect of cloud deployments, can reduce capital expenditure and operating costs, but it also increases the need for cloud security. Multi-tenancy enables the sharing of available resources by multiple consumers. This can lead to the possibility of another tenant having access to an organization’s residual data or operational information, posing a significant security risk. While a public cloud can have several tenants, a private cloud is often dedicated to one enterprise or organization, making workload isolation less of a security concern than in public cloud. In a cloud environment, cloud providers and tenants have varying degrees of control over computing resources, and both parties share the responsibility of providing adequate protection for their cloud-based systems. This shared responsibility has been acknowledged by leading standards organizations, such as NIST and the Cloud Security Alliance, as well as major private and public cloud providers. Cloud services provide flexibility, fast provisioning and quicker go-to-market appeal. However, because of the cloud service models employed and the technologies used to enable cloud services, cloud computing presents different security risks and challenges to an enterprise when compared to a traditional IT environment. Deployment models Delivery models Essential cloud characteristic SaaS Software as a service PaaS Platform as a service IaaS Infrastructure as a service Private Community Public Hybrid On-demand service Broad network access Resource pooling Rapid elasticity Measured services Figure 2: The cloud reference model Figure 1: Cloud deployment and delivery models
  • 3. 3 If you are planning to start or are already taking advantage of cloud deployments, are you confident that you have the right security measures in place? The NTT DATA point of view on cloud security Cloud security is a comprehensive set of policies, processes and tools used to protect data and applications running on private and public cloud infrastructures. While security is a shared responsibility, Security Services can help organizations take the complexity out of cloud deployment. We provide seamless management and support for cloud security, backed by in-depth experience, proven tools and certified trained consultants and security experts. Our services analyze, design, deploy, manage and extend enterprise security policies on behalf of the enterprise — from on-premises to private and public cloud deployments. With industry-accredited security tools, NTT DATA Security Services enable proactive monitoring, log and event analysis, incident reporting, and rapid containment and eradication of threats. Our solutions significantly minimizes the duration and impact of a security breach in a private or public cloud environment. Key pillars of cloud security There are two critical security challenges when moving workloads to a cloud environment. The first is how to safely and securely access workloads in a cloud environment, while the second and bigger challenge is how to extend the on-premises enterprise security policies to the cloud. Security Services utilize the following strategies to overcome these challenges: • Host defense: Whether workloads are running on-premises or in the cloud, an organization needs to harden the virtual machine (VM) by using host-based protection such as anti-virus, anti-spyware and host intrusion prevention system (IPS) software. This can be further complemented by providing web content filtering and host log monitoring capabilities. • Visibility and access control: Manage user accounts and provide authentication, authorization and accounting, by adding a layer of protection and securing network infrastructure and application workload. • Encryption: Encrypt if it’s relevant at the data, workload and transport levels. Encryption provides a new boundary that secures enterprise assets wherever they are. But at the same time, too much encryption may lead to additional compute overhead and may prevent benefits derived from technologies such as wide-area network (WAN) optimization. • Operational simplification and visibility: Security needs to be consistent, transparent and operationally simple to manage — whether workloads are running in the data center, in a private cloud or on a public cloud infrastructure. Managed cloud security capabilities As cloud security is a collaborative responsibility from infrastructure to application security, Security Services work with organizations to empower them to take full control of security management of everything above the hypervisor in a cloud environment — from anti-malware and security administration to OS patch management and encryption. Identity and access management Identity and access management (IAM) is a critical aspect of running a secure cloud environment. Our Security Services use identity management and Active Directory tools provided by industry-accredited vendors such as Microsoft and SailPoint to offer a role-based access control (RBAC) scheme for cloud administrators based on their job function, privilege and duties. Along with RBAC, a centralized auditing and logging solution is also offered to track all aspects of user and role management. Figure 3: Cloud security – a shared responsibility
  • 4. 4 Guest operating system patching Security Services offer a comprehensive patch management solution by utilizing tools, such as Microsoft System Center Configuration Management, to optimize patching schedules. This allows organizations to download patches only when and as needed, optimizing the overall OS and application performance, and eliminating the need to manage patches that are not applicable. Encrypting data at rest and in motion Encryption can protect data in motion (also referred to as encryption in transit) as well as data at rest or in storage. Through strategic partnerships, NTT DATA offers organizations a scalable solution that can easily encrypt any file, database or application anywhere it resides on supported operating systems and file systems at the workload or transport level. This means organizations aren’t sacrificing application performance with complex management processes — while also ensuring all user data is completely opaque to underlying providers and other tenants. Transport-level encryption complements application-level encryption by implementing a virtual private network using either IPsec or SSL for connecting the enterprise on-premises network with the cloud infrastructure. Vulnerability scanning Vulnerabilities emerge every day within networks, web applications and databases, whether they are on-premises or in a cloud environment. Assessments help pinpoint vulnerabilities arising from system software shortfalls and system misconfigurations. Our Security Services include a vulnerability assessment using tools, such as Critical Watch and Qualys, to provide programmatic identification, analysis and reporting of technical security vulnerabilities that an unauthorized person could use to exploit the confidentiality, integrity and availability of data and information systems. Auditing and logging NTT DATA assists organizations with securing their access control using high- performance security information and event management (SIEM) technology for enhanced log analysis and event monitoring. We also help organizations analyze logs generated by public cloud services, such as Amazon Web Services (AWS), AWS CloudTrail and Amazon CloudWatch. This includes logs for events such as configuration, hardening and patching of the OS and applications, as well as all events related to the access of applications running in a cloud environment. Proactive monitoring and auditing ensure compliance, change control and auditing, and improve operations and development processes. Applications, infrastructure and network monitoring Security Services offer operational awareness of applications, infrastructure and networking elements with continuous monitoring, correlation and assessment of alerts in real time. We monitor applications using SIEM tools, and integrate SIEM interfaces with strategic partner tools to perform infrastructure monitoring. Our process uses the cloud provider’s application programming interfaces (APIs) to monitor, log and control all aspects of the organization’s cloud infrastructure. Endpoint security Security Services also offer managed anti-virus, data encryption, host IPS and vulnerability assessments to protect endpoints and workloads from spyware, trojans, viruses and worms, as well as prevent unauthorized access to an organization’s data by utilizing enterprise- grade host anti-malware solutions. In addition, we provide host-based firewalls for mitigating the risk of unauthorized access across workloads running on the same hypervisor. Figure 4: Our suite of managed cloud security services
  • 5. 5 Firewall Firewalls provide a first line of defence between the organization, the internet and their cloud environment. Firewall Services by NTT DATA send firewall events to the SIEM for review and correlation with other events in the environment. Our certified engineers perform periodic firewall rules optimization to ensure the complex firewall rule sets provide the expected protection of an organization’s cloud environment. Intrusion detection and prevention A managed intrusion detection system (IDS) and IPS protects against attacks originating from the internet and ensure that other public cloud tenants don’t gain unauthorized access to an organization’s cloud workloads or data. The IDS and IPS can also send event information to the SIEM, providing our security operations center analysts with additional information that allows them to properly evaluate security events and threats. Security strategy and risk management Security Services also assists enterprises with information security managers (ISMs), certified professionals who oversee cloud security programs and orchestrate the delivery of information security services. ISMs act as an organization’s trusted partner, collaborating with the organization to understand, anticipate and recommend risk mitigation strategies, while providing information security protection for the organization’s assets. NTT DATA Dedicated Cloud NTT DATA helps organizations confidently navigate complex cloud landscapes with solutions in either their data center, an NTT DATA data center or hosted using public cloud. This allows the most sensitive, mission-critical workloads to run in a highly secure, dedicated IT environment — without daily management and maintenance. NTT DATA Dedicated Cloud is designed to serve as an extension of an organization’s data center. With familiar management tools, an organization can quickly begin using the service without having to learn new interfaces or modify processes. Common data center tasks, such as OS management and backup and recovery administration, have never been easier. Our services provide a managed cloud infrastructure that is compatible with the IT Infrastructure Library-based operational processes an organization currently has in place. Our global onboarding team collaborates with the organization’s staff to provide an effortless onboarding experience. Our expert project managers and technical consultants are also available to guide organizations and provide technical support. Security in NTT DATA Dedicated Cloud Information security is one of the main components of Dedicated Cloud. IT security services provide protection across the network, safeguarding the perimeter, critical internal assets, data, remote users, clients and partners. Our security teams provide key controls for regulations, including the Gramm-Leach- Bliley Act, the Payment Card Industry Data Security Standard, the Sarbanes- Oxley Act, the Health IT for Economic and Clinical Health Act, the Health Insurance Portability and Accountability Act and ISO 27001/27002. Information security for Dedicated Cloud acts as a mature and integrated program that constantly evolves in order to fight against new threats and protect an organization’s assets. NTT DATA Cloud On Demand We understand that flexibility and freedom of choice are critical, and a single technology or vendor doesn’t meet all your requirements. A key aspect of our cloud strategy, NTT DATA Cloud On Demand gives you access to a portfolio of public cloud solutions for a variety of cloud needs spanning compute, storage and hosted exchange. This is possible through our extensive, global partner ecosystem, which allows you to take advantage of cloud capabilities through proven cloud providers that offer a wide range of use cases, technologies, solutions and pricing models to meet your needs. You can take advantage of world-class security solutions below the hypervisor from proven cloud providers such as AWS and Microsoft Azure. Partnering to win Our partner-centric approach ensures we provide end-to-end cloud solutions tailored to your needs that quickly deliver and demonstrate business value, flexibly align services with your business objectives, and automate core IT processes — allowing you to create new revenue streams. Making cloud a reality NTT DATA brings together all technical resources for cloud-based service delivery, and integrates and manages suppliers of separately contracted cloud services. This ensures that you don’t deal with the complexities of vendor management — and that you benefit from a single, trusted partner for your cloud solutions. Figure 5: NNT Data Dedicated Cloud integrated cloud security
  • 6. As our ecosystem of cloud partners grows, we add value to our products, technologies and service offerings to meet your evolving needs. By transforming your IT to utilize the power of cloud, we can help you speed innovation, support differentiation, open up new markets, strengthen customer relationships and increase responsiveness. NTT DATA partners with clients to navigate the modern complexities of business and technology, delivering the insights, solutions and outcomes that matter most. We’re a top 10 global IT services and consulting provider that wraps deep industry expertise around a comprehensive portfolio of infrastructure, applications and business process services. © 2016 NTT DATA, Inc.  All rights reserved. 0000112016 | NTTD 2010_Cloud Security POV WP_1.indd | Rev. 1.0 Visit nttdataservices.com/managedservices to learn more. Prioritize cloud and cloud security plans Look for business needs that require flexibility, resource pools and a rapid, dynamic response. 1 Choose the right partner Ensure your needs are met with a committed, outcome-focused solution provider. 3 Maintain agility Utilize open technology and standards so you can enable the technology you want, when you want it. 2 The recipe for cloud readiness and security We believe that better security leads to better business. Designed to protect an organization’s key information assets across cloud, networks, hosts and applications, NTT DATA Security Services offer the industry’s broadest portfolio of security services to assist IT security and help IT organizations take full advantage of public and private cloud deployments. Our highly trained security experts become an extension of an organization’s in-house IT staff and provide security analysis, device and technology configuration, alert management and 24x7 monitoring. The NTT DATA approach to cloud offers access to a portfolio of public solutions for a variety of cloud needs spanning compute, storage and hosted exchange. Our extensive global partner ecosystem allows enterprises to take advantage of world-class security solutions below the hypervisor from proven cloud providers such as AWS and Microsoft Azure. References 1 Gartner Says Nearly Half of Large Enterprises Will Have Hybrid Cloud Deployments by the End of 2017. Gartner press release. October 1, 2013. http://www.gartner.com/newsroom/id/2599315 2 Cloud Computing Trends: 2015 State of the Cloud Survey. RightScale. February 18, 2015. http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2015-state-cloud-survey 3 Definitions, National Institute of Standards and Technology (NIST). http://www.nist.gov/ Figure 6: Three steps to a fully secure cloud environment Figure 7: NTT DATA cloud partner ecosystem