Can I Trust the Cloud?


Upload: lee-technologies

Post on 16-Apr-2017


Page 1: Can I Trust the Cloud?


CYBER INTEGRATED SOLUTIONS

Can I Trust the Cloud?

W. Wyatt Starnes, VP Advanced Concepts

Page 2: Can I Trust the Cloud?

Background

• Wyatt Starnes
– Leads research and development for Harris Trusted Enterprise Cloud and the Harris Cyber Integration Center
– Instrumental in establishing industry standards for security, compliance, and systems measurement
– Founder and former CEO of Signacert and Tripwire
– 36 years experience in high technology with eight startups

Harris has a 115-year history of engineering excellence, technical innovation, and customer delight.

• Harris Corporation
– More than 16,000 employees including nearly 7,000 engineers and scientists
– $6 billion annual revenue
– Industry leader in mission critical networked systems
– Significant investment in Cyber Integrated Solutions

Page 3: Can I Trust the Cloud?


The Buzz about Cloud

Page 4: Can I Trust the Cloud?


Everyone is Talking Cloud…

Page 5: Can I Trust the Cloud?

Can I Trust the Cloud?

[Bar chart: level of concern on a scale of 0 to 5 for Configurability, Speed, Vendor lock-in, Support, Performance, Control, Security; bar values as extracted: 3.3, 3.3, 3.7, 3.7, 3.8, 3.8, 4.3]

Information Week Analytics Cloud Computing Survey, 2009. Respondents were asked: How concerned are you with the following issues as they relate to cloud computing? (range from 1 to 5)

Which Cloud?

• Private Cloud: On premise enterprise data center
• Hybrid Cloud: Multiple elements of the above
• Community Cloud: Enterprise membership
• Public Cloud: Off premise, multi-tenant

Shared resources

…but Which Cloud and Can I Trust it?

Page 6: Can I Trust the Cloud?


Barriers to the Cloud are Real

Trust

Cost & Control

Page 7: Can I Trust the Cloud?


What is Trust in the Cloud?

Page 8: Can I Trust the Cloud?

What is Trust?

Trust - Noun.
• Reliance on the integrity, strength, ability, surety, etc., of a person or thing.
• Confident expectation of something.

Page 9: Can I Trust the Cloud?

What is Trust in the Cloud?

“Trust in cloud computing is defined as the continuous monitoring of all quality of service (QoS) elements that impact business service delivery and continuity. These include supply chain provenance, life cycle integrity, governance, security, privacy and transparency.”

Page 10: Can I Trust the Cloud?

What is Trust in the Cloud?

“… the commission supports programs such as Security Content Automation Protocol, or S-CAP, a standard which enables the automation of reporting and verifying IT security control parameters. S-CAP provides a ready method to capture, test and continuously monitor the controls and integrity settings required to achieve the respective standard and/or compliance requirements.”

Page 11: Can I Trust the Cloud?

Security ≠ Trust

Traditional security methods focus on keeping bad code out

Harris adds Positive Assurance enabling full integrity verification

Explicit Trust through Positive Platform Assurance

All active elements in the infrastructure are monitored and validated including servers & network components (firewalls, routers, switches)

Page 12: Can I Trust the Cloud?

The Pillars of Trust

[Diagram: four pillars supporting TRUST]

• Supply Chain
• Positive Assurance
• Service Delivery
• Security & Compliance

Page 13: Can I Trust the Cloud?


Building the Trusted Cloud

Page 14: Can I Trust the Cloud?


The Trusted Enterprise Cloud

• World-class and purpose-built infrastructure – the Cyber Integration Center and Harris’ network of cyber facilities and operations centers

• Best-of-breed systems and processes – focused on virtualization, automation, a unique end-to-end service model, and customized control through the client portal

• Trust Enablement Technology – continuous monitoring and assessment of the device and software supply chain using our Global Trust Repository of 3 billion (growing by 3 million a day!) industry standard reference images and external vulnerability feeds

The industry’s first enterprise-grade, high-assurance cloud computing solution

[Diagram labels: Reference Configurations; Application Data and Signature Database; Global Trust Repository (GTR); Enterprise Trust Server; Reporting (Inventory Reports, Change Reports, Compliance Reports, Notifications); IT Infrastructure (Ecommerce Service, Trading Service, Virtual Infrastructure, Web Servers, Database Servers, File Servers, Directory Servers); Compliance Assessment; +2000 other vendors]

Page 15: Can I Trust the Cloud?


Proof that the code was actually built by the named supplier is a crucial element of software and device validation or attestation

Trust and Supply Chain

• Do I know that the software elements that I am loading and running on my platform ARE what they say they are?

• What proof do I have that the code I am using was actually built by the named vendor?

• This is an increasing concern for software & hardware vendors and users in all sectors

Page 16: Can I Trust the Cloud?

Cyber Integration Center

• 100,000 sq ft dedicated facility
• Buffered VA location
• Operations support ISO 20000, ISO 27001, SAS70 Type 2, NIST 800-53-High
• Three secure data rooms
• IT capacity > 340 W/sq ft
• On site Client Operations & Security Center

• Two physically diverse telecom pathways
• Two water sources used for cooling
• Dual power sources from two separate substations
• Nine generators for backup power
• 100’ perimeter security fence with intrusion detection
• Interior and exterior motion-activated video monitoring
• Biometric access scanners and man-trap portal
• 24/7/365 on-site security guards & video surveillance

• LEED Silver designed
• Green construction
• Five, 500 ton, high efficiency centrifugal chillers
• Chemical free cooling water reuse
• Green IT Audacious Idea Award

Page 17: Can I Trust the Cloud?

Delivering Cyber Assurance Through Continuous Monitoring and Control

Risk Management – NIST SP800-37

Security Foundation is NIST SP800-53 (High Impact)

Automation, Vulnerability Identification & Software Authenticity Validation

• Security Tools & Components (Based on SP800-53): Log Monitoring, Intrusion Prevention, Anti-Malware, DLP, Other
• S-CAP: Security Content Automation Protocol
• Configuration Management & Vulnerability Assessment
• High Fidelity Software Signatures

Foundation: Automated Defense In Depth Security Controls via NIST SP800-53/37

Explicit Trust: Automated Positive Platform Assurance and S/W Supply Chain validation

Complete Cyber Assurance

Page 18: Can I Trust the Cloud?

Marquee Facility Backed by a Global Support Network

Harris Cyber Integration Center

• Multiple Harris Cyber facilities
• CapRock, GCS & Other network backbones
• 24/7/365 field support locations
• Readily Accessible Partner Facilities

• 18 Teleports Across 6 Continents
• 6 Network Operations Centers (24x7)
• 83 PoPs on Global Terrestrial Network
• 140 Countries Served

Page 19: Can I Trust the Cloud?


Building Your Cloud

Page 20: Can I Trust the Cloud?

Choose the Cloud That’s Right for You

[Diagram labels: Harris Trusted Enterprise Cloud™; Trusted Multi-Tenant Cloud (Client A, Client B, Client C); Trusted Dedicated Cloud (Client A); Trusted Dedicated Cloud (Client B); Trusted Dedicated Cloud (Client C); VPN or VPLS; Trusted Private Cloud; Client Enterprise; Cyber Integrated Solutions Client Operations & Security Center]

Choose the elements of your cloud. Manage as one system.

Page 21: Can I Trust the Cloud?

Choose the Cloud That’s Right for You

• Three core components to create the cloud architecture that is right for your enterprise
• Each component features:
– Cloud Infrastructure as a Service (IaaS)
– Harris Trusted Enterprise Cloud security controls and trust enablement technology
– Embedded continuous monitoring
– Control & management via the Cyber Operations and Security Center (COSC)

Page 22: Can I Trust the Cloud?

Trusted Enterprise Cloud Configurations

• Hosted cloud infrastructure for provisioning on demand
• Secure multi-tenant or dedicated single tenant infrastructure
– Hosted private cloud
– Public cloud
• Designed to exceed the VCE VMDC 2.0 Reference Architecture

Page 23: Can I Trust the Cloud?

Trusted Private Cloud

• On-premise cloud – remotely managed by Harris Client Operations and Security Center

• Capacity and agility benefits of cloud computing with the control of on-premise equipment

• Harris trust enablement technologies

• Eases migration path to the cloud

Page 24: Can I Trust the Cloud?

Key Features & Benefits

Feature: Global Trust Repository
• Explicit trust that goes beyond security
• Software supply chain traceable directly to vendor

Feature: Enterprise Trust Server
• High fidelity change identification & control
– What is on your system
– Where it came from
– How it is configured
• Control platform drift and increase platform stability

Feature: Built to industry's highest security standards
• Security controls in place to host compliant applications for HIPAA, PCI, FISMA, SOX and others

Feature: S-CAP Standardized Automation
• Real time vulnerability identification and security adjustments
• See your compliance posture on demand
• Lower your certification costs

Feature: Control via the client portal
• Robust self service capability
• Appears as extension of your infrastructure

Page 25: Can I Trust the Cloud?


You Can Trust the Cloud!

Page 26: Can I Trust the Cloud?


You Can Trust the Cloud!

Page 27: Can I Trust the Cloud?


You Can Trust the Cloud!

“The Harris Trusted Enterprise Cloud clearly offers advanced security and trust capabilities far in excess of what you'd normally find in the vast majority of enterprise IT environments.  It's arguably much better than you could do yourself, or – at least – do in a reasonable fashion.”

“They created a purpose-built enterprise cloud that was arguably orders of magnitude more secure and more trusted than anything an IT environment could do for themselves.”

“You'll see, it's far far better in many regards.”

Page 28: Can I Trust the Cloud?


Trust In The Cloud

• The industry’s first enterprise-grade, high-assurance cloud computing solution

• World class partners providing best of breed technology

• Cyber integration expertise to cost effectively meet the unique needs of your business

• Trust enablement technology that goes beyond security to unprecedented visibility and control of your infrastructure

www.cyber.harris.com

Page 29: Can I Trust the Cloud?

Thank You