bt cloud enterprise service store - rob rowlingson
Post on 17-Jul-2015
© British Telecommunications plc
Template Version 1.2
Future Cloud Action Line
High Impact Initiative
BT Assure. Security that matters
Rob Rowlingson
Principal Security Researcher, BT Research & Technology
Contact: robert.rowlingson@bt.com
BT Cloud Enterprise Service Store with Intelligent Protection
Motivation: CIO dilemma: cloud vs. visibility & control
You have to:
Protect IT assets against cyber-threats
Account for security incidents.
I worry about:
My privacy
Loss of my data
The integrity of transactions
Harmful cloud applications
Cloud is cheap – use it now!
Security is too expensive – find a way around it …
I guarantee the infrastructure & platform
You protect your applications and data
Every cloud journey is a new security project
• Migration assessment
• Risk Analysis
Architecture
• Integration costs
• Operational costs
Security Consultant
Cybercrime thrives on application/data/platform/infrastructure security gaps
Confused
CIO
End-User
CFO
Cloud Provider
Cloud adoption will always be limited until the
application/data/infrastructure security & governance gap is filled
Cloud providers consider application & data protection to be beyond their concern
Complicated and expensive for users to protect assets on public or hybrid clouds
Cloud users have little visibility or control of how their assets are protected in the cloud
Why Work with BT?
• BT Cloud Compute
– Exposure via a global cloud service
– 16 platforms, 4 continents, 45 data centres
– 4 global customer service centre hubs and 22 satellite centres
– operating 24/7 and serving businesses in 198 countries.
• HII Trusted Ecosystem Accelerator (3rd Party Ecosystem)
• ‘Intelligent Protection’ for your Applications
• New market opportunities for Cloud services
• Close collaboration with BT Research and Innovation
Common Capabilities for Cloud Service Stores:
basic ecosystem definition
Cloud-based On-premise
Fully managed
Self-managed
Automatic Application Protection
• During Application Provisioning, Customers / Tenants:
• Purchase Intelligent Protection License for the required Security Modules (Firewall, Anti-Malware, Intrusion Detection, Integrity Monitoring, Log Inspection)
• Select an Application from the Application Market Place.
• Automatically Protect deployed Application with selected Host Security Options.
Protected Application Provisioning
Cloud portal
Intelligent Protection
Security Dashboard
Core strengths & innovative features
• In flight intrusion prevention, no down time
• Comprehensive security solution: Virtual firewall, IPS, Security Patch management, Anti-malware
• 360° protection of customer applications
• Built for Cloud/VDC: hypervisor-level security, more effective, easier to integrate into the cloud
• Supports physical servers & computer devices – agents can be deployed on physical or virtual hosts
BT Intelligent Protection
BT Intelligent Protection High-Level Architecture
Automated Data Protection in the Cloud
IaaS/PaaS edition
Via the dashboard/portal, users can:
1. Attach, detach, encrypt or share encrypted data volumes, file-system directories and data objects (e.g. files) with 3 clicks in <2 min.
2. Define context (location/time/ownership/security-level)-based data access
3. Access a personalised secure key-store hosted by BT (on-premise variants are also available on request)
It is fully validated on BT Cloud and partly on 3rd parties (Amazon). Trials show:
• <10% overhead of encrypted storage operations,
• <5% overhead to provisioning time of unprotected VMs
Overview of Trusted Cloud Digital Service Store:
indicative user journeys
General Use of Digital Market Place
Application Store Catalogue
Infrastructure Store Catalogue
STaaS Catalogue
On-board an Application
Design a new workload
Deploy an application
Infrastructure Use
Deploy Apps in internal cloud (Cloud Platform, OpenStack, etc.)
Deploy Apps in public cloud (Amazon EC2, Azure, BT Compute)
Use object storage (STaaS) and Encryption as a Service
Use of “Horizontal” Cloud/Cyber Security Services
Application and Host protection: Protect applications in multiple clouds via Intelligent Protection
Data protection (Encryption) as a Service: Encrypt files and virtual volumes in the cloud
Email filtering as a Service: Email server purchased via the Appstore
External email server
Use in R&D, trials and production
• Exposure via a global cloud service
• 16 platforms across 4 continents
• 45 data centres
• 4 global customer service centre hubs and 22 satellite centres
• operating 24/7 and serving businesses in 198 countries.
Incorporated into BT Cloud Compute release roadmap as a value-add feature
• UK:
• London Borough of Camden
• Italy:
• City of Genoa
• Serbia:
• Strati-Grand, Belgrade
• Exposure to 2000 users of public services
• Enable secure consumption of public services across European regions
Baseline technology for governmental cloud pilots
• Part of Trusted Cloud Platform - EIT ICT Labs High Impact Initiative
• To be exposed to UK SMEs as a co-innovation platform by the ICT Catapult in the UK
• Platform of choice for future research on cyber-security attack analysis and prevention by Imperial College London – UK Global Uncertainties programme
Baseline platform for Trusted Cloud innovation by SMEs
New customer experience
Fusion
• Make security management an integral part of cloud application assembly
Uniformity and Customisation
• integrity & security functions become managed parameters
• while the form and coverage of the functions automatically adjust to user selection.
Automation
• “click-to-buy” security services
• “click-to-build” secure applications in less than 5 clicks.
Versatility
• automatic generation of recommended security policy
• based on vulnerability analysis of the application stack, cloud characteristics, user preferences and desired business impact levels
Universality
• one cloud-based service securing applications and data on multiple private and public cloud infrastructures and platforms
Visibility
• Automatically generated customisable security dashboard per user
• Unifying view of the security state of user’s applications on any cloud
Control
• enables enforcing a common security policy to all instances of an application on multiple cloud environments.
Simplified customer experience through a market place, and a service and security management dashboard. Eliminates costs and risks of deployment, integration and management of complex security software or appliances.
Summary
Fusion: Make security management integral part of cloud data & application assembly
Ubiquity: integrity & security functions become managed parameters
Automated: “click-to-buy” security services; “click-to-build” secure data & applications in less than 5 clicks.
Versatile: automatic generation of recommended security policy
Universal: one service protecting applications and data on multiple clouds
Visibility: Unifying view of the security state of user’s applications on any cloud
Control: enables enforcing a common enterprise security policy across clouds
Exposure in production via a global cloud service (BT Cloud Compute)
Exposure to 2000 users of public services
UK Research & Development
Product Development
Core Service operations
“The benefit has been in convincing the customer that Security is not just in our DNA, it's something that they can embed in their DNA with a single click!” David Cairns, Principal Solutions Architect, BT Cloud Compute