20160302 security on ibm cloud

1© 2015 IBM Corporation© 2016 IBM Corporation

Security on IBM Cloud

Manuel DazaIBM Cloud Sales Specialist Europe

@dabarsm

February 2016

© IBM Corporation 2

83%

of enterprises have difficulty

finding the security skills they need2012 ESG Research

85 security tools from

45 vendorsIBM client example

… and traditional security practices are unsustainable

of security executives have

cloud and mobile concerns2013 IBM CISO Survey

70%

mobile devicesIBM X-Force Threat Intelligence Quarterly 1Q 2015,

11.6MMobile malware is affecting

New technologies introduce new risks…


IBM Cloud: Choice with Consistency

© IBM Corporation 4© IBM Corporation 4IBM CONFIDENTIAL

The IBM Cloud Value Proposition

Open Cloud Architecture

One Cloud Platform

One Cloud PlatformOpen Cloud ArchitectureOne User Experience


IBM OpenStack offering portfolio

Private Cloud

Dedicated

Cloud Management

(IBM Cloud Orchestrator, UrbanCode)

Public Cloud

Public Local

BlueMixPublic Dedicated Local


Expansive network of IBM Cloud data centers

Over 40 global cloud centers

Open, secure, and scalable

Secure, high-speed network

Expert services and tools

Secure integration to on-premise

North America Regions

• US East

• US Central

• US West

• Canada

• Mexico

European Regions

• United Kingdom

• Netherlands

• Germany

• France

• Italy

Asia Pacific Regions

• Japan

• Australia

• Singapore

• Hong Kong

• India


Next Gen enterprise appsBorn on the web

Moving to the cloud

SoftLayer services born on the web customers and meets the

cloud demands of businesses across the spectrum

SoftLayer works for organizations


Workloads Running in the cloud

•Active Directory & Exchange

•File Servers

•App and Database Servers

•Web Servers

•Private and Hybrid Clouds

•Backup / DR / BC

•Test & Development

•“Born in the Cloud”

•PSA/RMM Tools


Securing the cloud


SoftLayer Compliance

In place now...Manage to NIST 800-53 policy framework plus

SOC2 Report

FFIECRisk Assessment

HIPAA ReadyWill sign BAA

PCI ReadyLots of PCI Compliant Customers

FISMA Moderate FedRAMP pATO ISO 27001 PCI Attestation

SoftLayer has extensive industry certification demonstrating compliance with security and operational best practices


Network and SecuritySoftLayer includes a rich set of functions, add-ons and configurable options

– Content Delivery Network• 24 nodes (integration with Object Storage)

• Secure content management

– Load balancing• Local (Array Networks)

• Global (F5 – Discontinued)

• Citrix Netscaler (Standard for Local and Platinum for Global)

– Firewalls• Shared

• Dedicated

• Fortigate Security Appliance (alt Vyatta)

– Application acceleration (Bare Metal, Netscaler, etc)

– DNS services

– IDS protection and assessment• McAfee Host Intrusion Protection with Reporting

– SSL certificate management

– Antivirus & malware protection (McAfee VirusScan)


SoftLayer’s innovative network architecture and commitment to using the most advanced hardware technologies minimize data center and server exposure. The network integrates three distinct network architectures into the industry’s first Network-Within-a-Network topology. Systems are fully accessible to your administrative personnel but safely off-limits to others.

Network-Within-a-Network

Topology

l■ Public Network handles public traffic to hosted websites or online

resources

l■ Private Network allows for true out-of-band management through a

distinct stand-alone third carrier over SSL, PPTP, or IPSEC VPN gateways

l■ Data Center to Data Center Network provides free, secure connectivity

between servers housed in separate SoftLayer facilities

Network IDS/IPS ProtectionlThrough partnerships with leading hardware and software vendors,

SoftLayer offers a complete array of intrusion protection and assessment

options at both the network and host level

2-factor Authenticationl2-factor authentication for Customer Portal and SoftLayer VPN access

adds greater network security for hosts on the SoftLayer network

12

SoftLayer Network Security


SoftLayer offers a comprehensive range of software and hardware security solutions, and strategic partnerships with industry-leading companies, to help you maximize uptime, protect private information and mitigate business risk.

Hardware Firewalls

■ Multi-tenant and dedicated hardware firewall solutions available

to meet different customer requirements.

■ Provisioned on demand without service interruptions, and fully

managed through the customer portal—you have complete control

of your systems' protection settings.

Anti-Virus and Anti-Spyware

Protection

McAfee LinuxShield and Windows VirusScan Anti-Virus included

with all servers and cloud compute instances. McAfee Total

Protection available as upgrade.

Nessus Vulnerability Scanning

SoftLayer partners with Nessus to provide vulnerability scans for

any device on the SoftLayer Network at no additional charge.

Vulnerability scans can be completed on demand using the

SoftLayer Customer Portal.

13

SoftLayer provides comprehensive tools to help you design and deploy sever level security at the workload level

SoftLayer Server Security


Physical and operational security is the foundation of SoftLayer security - no other measures matter without it. That’s why every SoftLayer data center is fully audited based on SOC 2 Type II reporting on controls to meet industry-recognized requirements forsecurity.

Data Center and Server

Room Measures

l■ Data centers located only in facilities with controlled access and 24-

hour security

l■ No server room doors are public-facing

l■ Server rooms are staffed 24/7

l■ Un-marked entry and exit doors

l■ Digital security video surveillance

l■ Biometric & Key Card security systems for access to all data centers

l■ Server room access strictly limited to SoftLayer employees and

escorted contractors or visitors

l■ Barcode-only identification on hardware; no customer markings of any

type on the servers themselves

Operational Measures

l■ Engineers and technicians trained on industry standard policies and

procedures which are audited yearly

l■ Geographic redundancy for all core systems for disaster recovery and

business continuity

l■ All data removed from re-provisioned machines with drive wipe software

approved by the U.S. Department of Defense

l■ Current SOC 2 Type II report

14

SoftLayer Data Center Security


Securing the Data with ICDES


Manuel Daza

[email protected]

@dabarsm

ibm.biz/manueldaza

www.IBM.com/Cloud

Questions?

20160302 security on ibm cloud

Technology