20160302 security on ibm cloud
© 2015 IBM Corporation, © 2016 IBM Corporation
Security on IBM Cloud
Manuel Daza, IBM Cloud Sales Specialist Europe
@dabarsm
February 2016
New technologies introduce new risks…
• 70% of security executives have cloud and mobile concerns (2013 IBM CISO Survey)
• Mobile malware is affecting 11.6M mobile devices (IBM X-Force Threat Intelligence Quarterly 1Q 2015)
… and traditional security practices are unsustainable
• 83% of enterprises have difficulty finding the security skills they need (2012 ESG Research)
• 85 security tools from 45 vendors (IBM client example)
IBM Cloud: Choice with Consistency
The IBM Cloud Value Proposition
Open Cloud Architecture
One Cloud Platform
One User Experience
IBM OpenStack offering portfolio
Private Cloud
Dedicated
Cloud Management
(IBM Cloud Orchestrator, UrbanCode)
Public Cloud
Public Local
BlueMix: Public, Dedicated, Local
Expansive network of IBM Cloud data centers
Over 40 global cloud centers
Open, secure, and scalable
Secure, high-speed network
Expert services and tools
Secure integration to on-premise
North America Regions
• US East
• US Central
• US West
• Canada
• Mexico
European Regions
• United Kingdom
• Netherlands
• Germany
• France
• Italy
Asia Pacific Regions
• Japan
• Australia
• Singapore
• Hong Kong
• India
Next Gen enterprise apps
Born on the web
Moving to the cloud
SoftLayer services born-on-the-web customers and meets the cloud demands of businesses across the spectrum
SoftLayer works for organizations
Workloads Running in the cloud
• Active Directory & Exchange
• File Servers
• App and Database Servers
• Web Servers
• Private and Hybrid Clouds
• Backup / DR / BC
• Test & Development
• “Born in the Cloud”
• PSA/RMM Tools
Securing the cloud
SoftLayer Compliance
In place now...
Manage to NIST 800-53 policy framework plus
• SOC2 Report
• FFIEC Risk Assessment
• HIPAA Ready: will sign BAA
• PCI Ready: lots of PCI compliant customers
FISMA Moderate, FedRAMP pATO, ISO 27001, PCI Attestation
SoftLayer has extensive industry certification demonstrating compliance with security and operational best practices
Network and Security
SoftLayer includes a rich set of functions, add-ons and configurable options
– Content Delivery Network
  • 24 nodes (integration with Object Storage)
  • Secure content management
– Load balancing
  • Local (Array Networks)
  • Global (F5 – Discontinued)
  • Citrix Netscaler (Standard for Local and Platinum for Global)
– Firewalls
  • Shared
  • Dedicated
  • Fortigate Security Appliance (alt Vyatta)
– Application acceleration (Bare Metal, Netscaler, etc)
– DNS services
– IDS protection and assessment
  • McAfee Host Intrusion Protection with Reporting
– SSL certificate management
– Antivirus & malware protection (McAfee VirusScan)
SoftLayer’s innovative network architecture and commitment to using the most advanced hardware technologies minimize data center and server exposure. The network integrates three distinct network architectures into the industry’s first Network-Within-a-Network topology. Systems are fully accessible to your administrative personnel but safely off-limits to others.
Network-Within-a-Network Topology
■ Public Network handles public traffic to hosted websites or online resources
■ Private Network allows for true out-of-band management through a distinct stand-alone third carrier over SSL, PPTP, or IPSEC VPN gateways
■ Data Center to Data Center Network provides free, secure connectivity between servers housed in separate SoftLayer facilities
Network IDS/IPS Protection
Through partnerships with leading hardware and software vendors, SoftLayer offers a complete array of intrusion protection and assessment options at both the network and host level
2-factor Authentication
2-factor authentication for Customer Portal and SoftLayer VPN access adds greater network security for hosts on the SoftLayer network
SoftLayer Network Security
SoftLayer offers a comprehensive range of software and hardware security solutions, and strategic partnerships with industry-leading companies, to help you maximize uptime, protect private information and mitigate business risk.
Hardware Firewalls
■ Multi-tenant and dedicated hardware firewall solutions available to meet different customer requirements.
■ Provisioned on demand without service interruptions, and fully managed through the customer portal—you have complete control of your systems' protection settings.
Anti-Virus and Anti-Spyware Protection
McAfee LinuxShield and Windows VirusScan Anti-Virus included with all servers and cloud compute instances. McAfee Total Protection available as upgrade.
Nessus Vulnerability Scanning
SoftLayer partners with Nessus to provide vulnerability scans for any device on the SoftLayer Network at no additional charge. Vulnerability scans can be completed on demand using the SoftLayer Customer Portal.
SoftLayer provides comprehensive tools to help you design and deploy server-level security at the workload level
SoftLayer Server Security
Physical and operational security is the foundation of SoftLayer security - no other measures matter without it. That’s why every SoftLayer data center is fully audited based on SOC 2 Type II reporting on controls to meet industry-recognized requirements for security.
Data Center and Server Room Measures
■ Data centers located only in facilities with controlled access and 24-hour security
■ No server room doors are public-facing
■ Server rooms are staffed 24/7
■ Un-marked entry and exit doors
■ Digital security video surveillance
■ Biometric & Key Card security systems for access to all data centers
■ Server room access strictly limited to SoftLayer employees and escorted contractors or visitors
■ Barcode-only identification on hardware; no customer markings of any type on the servers themselves
Operational Measures
■ Engineers and technicians trained on industry standard policies and procedures which are audited yearly
■ Geographic redundancy for all core systems for disaster recovery and business continuity
■ All data removed from re-provisioned machines with drive wipe software approved by the U.S. Department of Defense
■ Current SOC 2 Type II report
SoftLayer Data Center Security
Securing the Data with ICDES
Manuel Daza
@dabarsm
ibm.biz/manueldaza
www.IBM.com/Cloud
Questions?