Securing Intelligence in an Open Hybrid Cloud
A presentation at FedInsider Webinar: Securing Intelligence in an Open Hybrid Cloud by Shawn Wells
SECURING INTELLIGENCE IN AN OPEN HYBRID CLOUD Stories from the DoD and IC Shawn Wells Chief Security Strategist U.S. Public Sector shawn@redhat.com 24 August 2016
FOUNDATIONAL BLOCKING & TACKLING Key infrastructure themes from Jennifer Kron’s presentation: • Functional testing for identity & access management, data protection, audit • Perform continuous diagnostics and monitoring • Must have consistent measurements across multiple environments • Standardized implementations • Baselines? • Service Catalogs? • Platform as a Service (PaaS)?
FEDERATED DATA ACCESS Key data themes from Jennifer Kron’s presentation: • “Build to Share, BUT securely” • How do we ensure data contains attributes and security labels/tags, and build access restrictions from this metedata?
SECURITY AUTOMATION + TOOLING FOR HYBRID CLOUDS
PROJECT • Deliver practical security guidance, baselines, and associated validation mechanisms using Secure Content Automation Protocol (SCAP) • Current upstream source for NSA, NIST, and Red Hat Configuration Guides – DISA JBoss Enterprise Application Platform STIG – DISA Red Hat Enterprise Linux 6 & 7 STIGs – Department of Justice CJIS Baselines – National Security Agency SNAC Guide
PROJECT CONTRIBUTORS
PROJECT • Maps specific security tests to formalized policies – NIST 800-53 rev4 – DISA Operating System SRG – NIST CCE • Delivering DoD and IC Automated Baselines today! • DoD STIG: Joint development with NSA, DISA FSO • C2S: Developed for CIA C2S Linux images • CS2: Developed with NSA TS for GOVCLOUD systems • CJIS: FBI criminal justice systems
CHECKLIST SECURITY TEST SECURITY TEST SECURITY TEST Known-Provenance IMAGE & CONFIG REFERENCE Whitelist Software Measurements
STRUCTURED DATA SERVICES ACROSS HYBRID CLOUDS
Private Data & Metadata
Private Data & Metadata Public Data
IC PERSONS OF INTEREST CHALLENGE • Need to find Person of Interest across disparate IC systems • Adherence to IC-wide common data scheme NSA App SOLUTION • Create abstracted view of enterprise data schema • Facilitates data ingest/egress by creating standard data fields BENEFIT • Simplified data access, decoupled services and apps from the underlying complex data infrastructure FBI App ONI App TargetName Full_Name FullName CIA ADN First_Name Last_Name
DISA ADNET: ANTI-DRUG NETWORK CHALLENGE • Counter-narcotics and counternarcoterrorism • Statutory detection and monitoring • Data is heterogeneous & on multiple systems SOLUTION • Created abstracted view across multiple State/Local Law enforcement agencies • Virtual database enables BI tools to get a complete picture of person from any history, warrants, jail, crimes, vehicles, etc • Federated search layer looking for possible aliases given general details (cars, addresses, license, etc). VA Police MD Police DC Police Target_Name Been_Arrested? Target_Known_Aliases DMV State Police CIA ADN County Courts
BUILDING YOUR OPEN HYBRID CLOUD
EVERYONE IS A TECHNOLOGY COMPANY TODAY.
WHEN EVERYONE IS A TECH COMPANY, I.T. CAN BE A SOURCE OF COMPETITIVE ADVANTAGE.
THESE TECHNOLOGIES ARE DRIVEN BY OPEN SOURCE OPEN SOURCE MEANS COMMUNITY MEMBERS CAN SEE, LEARN FROM, IMPROVE, MODIFY, AND SHARE THE SOURCE CODE TO SOLVE CHALLENGES AND MEET NEEDS.
THE OPEN SOURCE ADVANTAGE Provides the interoperabilility to use a range of solutions from multiple providers. Security developed in collaboration with the industry’s experts. Gives you access to the best technology, and contribute to its success. Reduces time spent keeping the lights on and increases your time to innovate. THIS ISN’T JUST A WAY OF DOING BUSINESS. IT’S A MODEL FOR THE FUTURE OF TECHNOLOGY.
RED HAT MAKES OPEN SOURCE READY FOR THE ENTERPRISE RED HAT DELIVERS THE INNOVATION OF OPEN SOURCE PROJECTS AS PREDICTABLE, RELIABLE, AND SECURE PRODUCTS. COMMON CRITERIA – FIPS 140-2 – DoD STIGs – CNSSI 1253
THANK YOU! plus.google.com/+RedHat facebook.com/redhatinc linkedin.com/company/red-hat twitter.com/RedHatNews youtube.com/user/RedHatVideos
According to market intelligence firm IDC, 91% of IT organizations rely on open hybrid cloud as the de facto enterprise IT architecture. Open source is a key enabler of this rapid innovation and is driving the increased adoption of next generation technology and IT service delivery solutions. As open hybrid cloud becomes widely adopted questions surrounding security in the cloud and of open source hybrid cloud technologies in particular are prevalent.
Intelligence, military and civilian agencies have built significant enterprise infrastructure and many are, or will be adopting a hybrid cloud approach. This webinar will explore some of the best security practices and principals being used today in cloud deployments.
We’ll Discuss:
Understand the risk profile in cloud and methods to address and manage those risks. Integrating existing virtualized infrastructure into a more comprehensive, better-managed, secure open hybrid cloud. Best practices to deploy secure, resilient, reliable, open cloud solutions with features such as self-service portal, automation, provisioning, scalable storage, and flexible networking.
Speaker and Presenter Information
-
Jennifer Kron, Deputy Chief Information Officer, Intelligence Community
-
Shawn Wells, Director of Innovation Programs, Red Hat Public Sector
for free. You
can too.
