Logically Securing a Public Cloud Service presented at CornerstonesofTrust 2016

by Tim Mather

Abstract: Cloud computing is fundamentally different from other computing models. With cloud computing, data separation is logical; it is no longer physical. Ensuring the confidentiality and integrity of data therefore requires new approaches and new tools. This presentation will present a use case of how to do so on a public cloud service using the integration of multiple security tools. While several infrastructure-as-a-service (IaaS) providers do a good job of providing physical security and host-level security, their responsibilities end at the hypervisor. It is the customer's responsibility to ensure that the operating system is secure, regardless of what is provisioned or supplied by the IaaS provider, and the same holds for all applications. Because all data separation is logical, it is incumbent upon the customer to ensure that such data separation is not only robust, but also not entirely under the control of the IaaS provider. To that end, Cadence has implemented a software-defined perimeter (SDP) in addition to the IaaS provider's virtual private cloud (VPC). Additionally, to securely manage the provider's VPCs at scale, Cadence has implemented a third-party tool, under Cadence's control, to manage the VPCs and their associated security groups. Cadence also uses hardware security modules (HSMs) for the secure lifecycle and use of cryptographic keys for encryption. Finally, to audit and report on the secure operation of all of these capabilities, Cadence uses a cloud-based logging, correlation, and reporting tool that digitally signs all log entries and provides security analytics. In addition to the IaaS provider itself and the cloud orchestration platform, Cadence has implemented, and automated the orchestration of, four additional security-specific tools to provide extremely robust security in a public cloud, in order to protect our intellectual property and, even more importantly, our customers' intellectual property. How this is done will be detailed in this presentation.
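The abstract's last control, an audit log whose entries are individually signed, is the one piece of the architecture that lends itself to a small worked example. The block below is an added illustration, not code from the presentation or from the logging tool it describes: it hash-chains and authenticates a sequence of constructed security-group change events so that any edited, reordered, or deleted entry is detected on verification. An HMAC with a symmetric key stands in for the tool's digital signature (an assumption made so the example runs with the Python standard library only); the key, event records, and function names are all invented for the example.

```python
import hashlib
import hmac
import json

# Constructed demo key. In a real deployment the signing key would live in an
# HSM or key-management service, as the abstract describes, never in source.
LOG_KEY = b"demo-log-signing-key-not-for-production"

GENESIS = "0" * 64  # chain anchor for the first record


def sign_entry(key: bytes, prev_tag: str, entry: dict) -> dict:
    """Wrap `entry` with a link to the previous record and an HMAC tag.

    The tag covers both the previous tag and the canonical JSON of the entry,
    so the record cannot be altered or re-ordered without invalidating the tag.
    """
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    msg = prev_tag.encode() + b"\n" + body
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"prev": prev_tag, "entry": entry, "tag": tag}


def build_log(key: bytes, entries: list) -> list:
    """Sign a list of plain events into a hash-chained, tagged log."""
    signed = []
    prev = GENESIS
    for entry in entries:
        record = sign_entry(key, prev, entry)
        signed.append(record)
        prev = record["tag"]
    return signed


def verify_log(key: bytes, signed: list) -> int:
    """Return -1 if the chain verifies, else the index of the first bad record."""
    prev = GENESIS
    for i, record in enumerate(signed):
        if record["prev"] != prev:            # broken link: deletion or reorder
            return i
        expected = sign_entry(key, prev, record["entry"])["tag"]
        if not hmac.compare_digest(expected, record["tag"]):  # edited content
            return i
        prev = record["tag"]
    return -1


# Constructed sample events: the kind of VPC / security-group changes the
# abstract says are managed under the customer's own control and audited.
SAMPLE_EVENTS = [
    {"ts": "2016-06-01T10:00:00Z", "actor": "ops-admin",
     "action": "sg.create", "sg": "sg-demo-web", "vpc": "vpc-demo-1"},
    {"ts": "2016-06-01T10:01:30Z", "actor": "ops-admin",
     "action": "sg.rule.add", "sg": "sg-demo-web", "rule": "tcp/443 from sdp-gateway"},
    {"ts": "2016-06-01T10:05:00Z", "actor": "automation",
     "action": "sg.rule.remove", "sg": "sg-demo-web", "rule": "tcp/22 from 0.0.0.0/0"},
]

SIGNED_LOG = build_log(LOG_KEY, SAMPLE_EVENTS)


def tampered_copy(signed: list) -> list:
    """Deep-copy the log and silently change one event's action field."""
    copy = [dict(r, entry=dict(r["entry"])) for r in signed]
    copy[1]["entry"]["action"] = "sg.rule.remove"
    return copy


if __name__ == "__main__":
    print("intact log verifies at:", verify_log(LOG_KEY, SIGNED_LOG))
    print("edited record detected at:", verify_log(LOG_KEY, tampered_copy(SIGNED_LOG)))
    print("deleted record detected at:", verify_log(LOG_KEY, SIGNED_LOG[:1] + SIGNED_LOG[2:]))
```

One caveat worth keeping in mind when evaluating a tool of this kind: a chain like this detects edits, reordering and deletions in the middle of the log, but truncation of the newest records is invisible unless the latest tag is periodically anchored somewhere the log writer cannot alter (a separate account, a timestamping service, or an HSM-held counter).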