CloudConnect and CloudProtect: A Foundation for Secure Cloud Computing
Layer7
Added: January 17, 2011. Category: Science & Tech. License: All Rights Reserved.

Presentation Description
Learn how to clearly differentiate between two important forms of cloud governance: security in the cloud and security for the cloud.

Comments
By: ahujasupriya (14 month(s) ago)
Hello, I read your ppt; it's really very good. Can you please mail it to me at ahujasupriya@gmail.com? It will be very nice of you. Thanks.

Presentation Transcript

Cloud Connect/Cloud Protect: A Foundation for Secure Cloud Computing
K. Scott Morrison, Chief Technology Officer & Chief Architect, Layer 7 Technologies
Steve Coplan, Senior Analyst, Enterprise Security Practice, The 451 Group

Agenda:
- The Policy Enforcement Point (PEP) as a foundation for governance
- The importance of policy
- From SOA governance to cloud governance
- Exploring cloud governance through use cases:
  - Software-as-a-Service (SaaS) calling back to on-premise data
  - New Infrastructure-as-a-Service (IaaS) applications

The Policy Enforcement Point (PEP) is the Foundation of All SOA Governance Technology:
[Diagram labels: SOA Service Provider, Policy Enforcement Point (PEP), SOA Message, Corporate IAM]
- The PEP applies policies to communication streams

The Elements of Run Time Governance:
[Diagram labels: SOA Service Provider, SOA Message Stream, Monitor & Report, Enforce, Publish]
- No agents
- Service agnostic
- If you sit in the middle, you can do anything

Policy is Fundamental to Governance:
- Policy is everything you can do as an intermediary
  - Security, SLA, routing, audit, orchestration, etc.
- Dozens of out-of-the-box policies across 10 functional areas
- Scripting language supports:
  - conditional branching
  - event traps and audit trigger points
  - user-defined context variables
  - and more
- Out-of-the-box assertions
- Build policies from atomic assertions & policy fragments
- Automatically validate policies as they're built

Cloud Governance is a Logical Evolution of SOA Governance:
[Diagram labels: SOA Process, Policy, and Technology; Cloud Applications; Enterprise SOA]

Cloud Governance Use Cases:
- Managing cloud applications that need access to internal data and services
  - Connecting SaaS to enterprise network
  - This is security for the cloud
- Managing and monitoring new applications in the cloud
  - Connecting the enterprise network and cloud
  - This is security in the cloud

Problem: Cloud Services Need Access to On-Premises Data:
[Diagram labels: Firewall, Enterprise On-Premise IT, Directory]
- Cloud service can't get through the firewall

Solution: Cloud Connect, Your Gateway to the Cloud:
[Diagram labels: On Premise Network, Existing IAM, Existing Data Services]
- Managed SaaS access to corporate data
- Single sign-on to SaaS applications
- Centralized control
- Access control
- Alarms and audit
- Safe routing
- This is security for the cloud

Cloud Connect Scenario #1: Browser Single Sign-On to SaaS Applications:
[Diagram labels: On Premise Network, Existing IAM]
- Managed SSO to cloud-based SaaS
- Leverage wide range of local IAM

Cloud Connect Scenario #2: Managing SaaS Access to Internal Data:
[Diagram labels: On Premise Network, Existing IAM]
- Secure, policy-driven access to existing corporate data sources
  - Databases, mainframe, etc.

Internal Network Access Policy

Customer Use Case: Accessing Corporate Data from Salesforce.com:
[Diagram labels: On Premise Network, Existing IAM, Existing Data Services]
- Managed Salesforce.com access to corporate data
  - Calendar & customer data
- Mapping of identities: Salesforce.com / On premise

Problem: Your Applications are Moving into the Cloud:
[Diagram labels: Enterprise On-Premise IT]
- Protecting & monitoring your applications in the cloud
- Giving your cloud apps access to on-premises data sources
- Big picture view of the distributed application network

Solution: Cloud Protect, Your Gatekeeper in the Cloud:
[Diagram labels: Hardware SSG, Cloud SSG, On Premise Network, Your IaaS Cloud Applications, Virtual SecureSpan, Hardware SecureSpan Instances]
- Application-layer isolation, monitoring, & control
- Identical functionality
- This is security in the cloud

Cloud Protect Scenario #1: Controlling Access to IaaS-resident Applications:
[Diagram labels: On Premise Network, Your IaaS Cloud Applications, Secure Tunnel, Virtual SecureSpan, External Client]
- Cloud application security

Cloud Protect Scenario #2: Managing Access from IaaS Clouds:
[Diagram labels: On Premise Network, Your IaaS Cloud Applications, Virtual SecureSpan, Hardware SecureSpan Instances, Secure Tunnel]
- Rich policy control

Summary:
- SOA taught us the value of the decoupled policy layer
  - The Policy Enforcement Point (PEP) applies policy to SOA transactions
  - This is the foundation of run time governance
- We should use SOA governance as a model for cloud governance
- Cloud governance is best summed up in two real use cases:
  - Managed access for SaaS applications needing access to corporate on-premise data
  - Protection of new IaaS cloud applications

Slide 19: For further information:
K. Scott Morrison
Chief Technology Officer & Chief Architect
Layer 7 Technologies
405 – 1100 Melville St.
Vancouver, B.C. V6E 4A6 Canada
(800) 681-9377
smorrison@layer7tech.com
http://www.layer7tech.com
Blog: http://kscottmorrison.ulitzer.com/