Cloud Computing: Architecture, Division of Responsibility and Information Protection

  • 3/20

    ISO: International Organization for Standardization

    ITU-T: International Telecommunication Union, Telecommunication Sector

    CSA: Cloud Security Alliance

    ENISA: European Network and Information Security Agency

    NIST: National Institute of Standards and Technology

    ISACA: Information System Audit and Control Association

    SNIA: Storage Networking Industry Association, Cloud Storage Initiative (CSI)

    http://itsec.by/cloud-and-security/

  • 4/20

    ISO/IEC 17788:2014

    NIST Special Publication 800-145

  • 5/20

    NIST SP 800-145

    Essential characteristics:

    1. On-demand self-service

    2. Broad network access

    3. Resource pooling

    4. Rapid elasticity

    5. Measured service

    Service models:

    1. Infrastructure as a service (IaaS)

    2. Platform as a service (PaaS)

    3. Software as a service (SaaS)

    Deployment models:

    1. Public cloud

    2. Community cloud

    3. Private cloud

    4. Hybrid cloud

  • 6/20

    [Diagram: cloud architecture]

    Layer labels: MANAGEMENT TOOLS, OPERATIONS, AUTOMATION, SERVICES, ORCHESTRATION, HARDWARE, VIRTUALIZATION

    Block labels: User control panel; Administrator control panel; API/SDK; OSS (Operation support system); BSS (Business support system); Infrastructure-as-a-Service; Platform-as-a-Service; Software-as-a-Service; Cloud Orchestration System; Virtualization Management System; Hypervisor; Server (computing resources); Network (network resources, SDN); Storage (storage resources, SDS); DATACENTER (power supply, cooling, air-conditioning, physical security)

  • 7/20

    [Diagram: cloud security architecture]

    Layer labels: MANAGEMENT TOOLS, OPERATIONS, AUTOMATION, SERVICES, ORCHESTRATION, HARDWARE, VIRTUALIZATION

    Block labels: Identification and Authentication (FIA); OS Security; Virtualization Environment Protection; Network Perimeter Protection; Perimeter Protection; AP Security; Environmental Security; Security-as-a-Service; IT-infrastructure Security; Data Protection; Access Control (FTA & FTP); User Data Protection (FDP); Security Audit (FAU); Security Management (FMT)

  • vmby.blogspot.com.by

    10/20

    , . 1 - 8

  • 13/20

    [Diagram: the cloud security architecture diagram from slide 7/20, with one additional block: Security Governance & Management]

  • 14/20

    ITU-T X.1601

  • 16/20

    10

    2008 . 455-

  • 17/20

    16 2013 . 196

  • 18/20

    viacheslav.aksionov@activecloud.com

    + 375 29 861 76 94