© British Telecommunications plc
Template Version 1.2
Future Cloud Action Line
High Impact Initiative
BT Assure. Security that matters
Rob Rowlingson
Principal Security Researcher, BT Research & Technology
Contact: robert.rowlingson@bt.com
BT Cloud Enterprise Service Store with Intelligent Protection
Motivation: CIO dilemma: cloud vs. visibility & control
You have to:
Protect IT assets against cyber-threats
Account for security incidents.
I worry about:
My privacy
Loss of my data
The integrity of transactions
Harmful cloud applications
Cloud is cheap – use it now!
Security is too expensive – find a way around it …
I guarantee the infrastructure & platform
You protect your applications and data
Every cloud journey is a new security project
• Migration assessment
• Risk Analysis Architecture
• Integration costs
• Operational costs
Security Consultant
Cybercrime thrives on application/data/platform/infrastructure security gaps
Confused CIO
End-User
CFO
Cloud Provider
Cloud adoption will always be limited until the application/data/infrastructure security & governance gap is filled
• Cloud providers consider application & data protection to be beyond their concern
• Complicated and expensive for users to protect assets on public or hybrid clouds
• Cloud users have little visibility or control of how their assets are protected in the cloud
Why Work with BT?
• BT Cloud Compute
– Exposure via a global cloud service
– 16 platforms, 4 continents, 45 data centres
– 4 global customer service centre hubs and 22 satellite centres
– operating 24/7 and serving businesses in 198 countries.
• HII Trusted Ecosystem Accelerator (3rd Party Ecosystem)
• ‘Intelligent Protection’ for your Applications
• New market opportunities for Cloud services
• Close collaboration with BT Research and Innovation
Common Capabilities for Cloud Service Stores: basic ecosystem definition
[Figure: ecosystem definition diagram with labels Cloud-based, On-premise, Fully managed, Self-managed]
Automatic Application Protection
• During Application Provisioning, Customers / Tenants:
– Purchase Intelligent Protection License for the required Security Modules (Firewall, Anti-Malware, Intrusion Detection, Integrity Monitoring, Log Inspection)
– Select an Application from the Application Market Place.
– Automatically Protect deployed Application with selected Host Security Options.
[Figure: Protected Application Provisioning]
BT Intelligent Protection
[Figure labels: Cloud portal, Intelligent Protection, Security Dashboard]
Core strengths & innovative features
• In-flight intrusion prevention, no downtime
• Comprehensive security solution: virtual firewall, IPS, security patch management, anti-malware
• 360° protection of customer applications
• Built for Cloud/VDC: hypervisor-level security, more effective, easier to integrate into the cloud
• Supports physical servers & computer devices – agents can be deployed on physical or virtual hosts
BT Intelligent Protection: High-Level Architecture
[Figure: high-level architecture diagram]
Automated Data Protection in the Cloud
IaaS/PaaS edition
Via the dashboard/portal, users can:
1. Attach, detach, encrypt or share encrypted data volumes, file-system directories and data objects (e.g. files) with 3 clicks in <2 min.
2. Define context (location/time/ownership/security-level)-based data access
3. Access a personalised secure key-store hosted by BT (on-premise variants are also available on request)
It is fully validated on BT Cloud and partly on 3rd parties (Amazon). Trials show:
• <10% overhead of encrypted storage operations
• <5% overhead to provisioning time of unprotected VMs
Overview of Trusted Cloud Digital Service Store: indicative user journeys
• General Use of Digital Market Place
– Application Store Catalogue
– Infrastructure Store Catalogue
– STaaS Catalogue
– On-board an Application
– Design a new workload
– Deploy an application
• Infrastructure Use
– Deploy Apps in internal cloud (Cloud Platform, OpenStack, etc.)
– Deploy Apps in public cloud (Amazon EC2, Azure, BT Compute)
– Use object storage (STaaS) and Encryption as a Service
• Use of “Horizontal” Cloud/Cyber Security Services
– Application and Host protection: Protect applications in multiple clouds via Intelligent Protection
– Data protection (Encryption) as a Service: Encrypt files and virtual volumes in the cloud
– Email filtering as a Service: Email server purchased via the Appstore; External email server
Use in R&D, trials and production
• Incorporated into BT Cloud Compute release roadmap as a value-add feature
– Exposure via a global cloud service
– 16 platforms across 4 continents
– 45 data centres
– 4 global customer service centre hubs and 22 satellite centres
– operating 24/7 and serving businesses in 198 countries.
• Baseline technology for governmental cloud pilots
– UK: London Borough of Camden
– Italy: City of Genoa
– Serbia: Strati-Grand, Belgrade
– Exposure to 2000 users of public services
– Enable secure consumption of public services across European regions
• Baseline platform for Trusted Cloud innovation by SMEs
– Part of Trusted Cloud Platform - EIT ICT Labs High Impact Initiative
– To be exposed to UK SMEs as a co-innovation platform by the ICT Catapult in the UK
– Platform of choice for future research on cyber-security attack analysis and prevention by Imperial College London – UK Global Uncertainties programme
New customer experience
• Fusion
– Make security management an integral part of cloud application assembly
• Uniformity and Customisation
– integrity & security functions become managed parameters
– while the form and coverage of the functions automatically adjust to user selection.
• Automation
– “click-to-buy” security services
– “click-to-build” secure applications in less than 5 clicks.
• Versatility
– automatic generation of recommended security policy based on vulnerability analysis of the application stack, cloud characteristics, user preferences and desired business impact levels
• Universality
– one cloud-based service securing applications and data on multiple private and public cloud infrastructures and platforms
• Visibility
– Automatically generated customisable security dashboard per user
– Unifying view of the security state of user’s applications on any cloud
• Control
– enables enforcing a common security policy to all instances of an application on multiple cloud environments.
Simplified customer experience through a market place, and a service and security
management dashboard. Eliminates costs and risks of deployment, integration and
management of complex security software or appliances.
Summary
• Fusion: Make security management an integral part of cloud data & application assembly
• Ubiquity: integrity & security functions become managed parameters
• Automated: “click-to-buy” security services; “click-to-build” secure data & applications in less than 5 clicks.
• Versatile: automatic generation of recommended security policy
• Universal: one service protecting applications and data on multiple clouds
• Visibility: Unifying view of the security state of user’s applications on any cloud
• Control: enables enforcing a common enterprise security policy across clouds
Exposure in production via a global cloud service (BT Cloud Compute)
Exposure to 2000 users of public services
UK Research & Development
Product Development
Core Service operations
“The benefit has been in convincing the customer that Security is not just in our DNA, it's something that they can embed in their DNA with a single click!” David Cairns, Principal Solutions Architect, BT Cloud Compute