Cloud security and cyber security v 3.1

822 views
727 views

Published on

Cloud Security and Cyber Security, David Spinks, HP

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
822
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Cloud security and cyber security v 3.1

  1. 1. Cyber Security in Real-Time Systems CSIRS David Spinks - ChairmanFebruary 2011
  2. 2. Quote by : Sun TzuAs Sun Tzu, the military theoretician and strategist extraordinaire ofancient China, wrote in his seminal work "The Art of War", "The skilfulleader subdues the enemy’s troops without any fighting; he captures theircities without laying siege to them; he overthrows their kingdom withoutlengthy operations in the field.” Lush Stuxnet LSE NYSE E-Trading RBS ATM
  3. 3. The Cloud Defined:
  4. 4. Cloud (IAAS) Pressures Instant now any time anywhereLimitless Continued cost reductionFlexibility beyond Outsourcing SecureIT Utility ServicesManaged Services Limitless Volumes Up and Down
  5. 5. What are the obstacles to Cloud Services ? 2008
  6. 6. What are the obstacles to Cloud Services ? 2009
  7. 7. 2010
  8. 8. Into the (Cloud) Futurewith hp SERVICES ECOSYSTEM SYSTEMS INTEGRATION TECHNOLOGY ISLAND ADVANCEDAGILITY CLOUD ENTERPRISE CLOUD SERVICES UTILITY AUTOMATED SERVICES MANAGED HOSTING HOSTING TRADITIONAL CONFIGURED SERVICES SOURCING MODELS 8
  9. 9. So what are the security hot buttons?Robust acceptable pan-client Information Security policies and procedures.One single independent assurance certificate - no your auditors and willnot be allowed access.Identity and access management need to get this working anyway!Business continuity and IT DR acceptance of standard RTO and RPO.Encryption (key management) will be a client responsibility this issue isrelated to IdM!Flexibility in contracts and please kill off the “old school” purchasing andcontracts departments!
  10. 10. Solutions and Best Practice :
  11. 11. Cloud Computing Security Assessment Process Flow Week 1 Week 2 Week 21 2 3 Review InfoSec Program Documentation Interview Subject Matter Experts (SME) Inspect Infrastructure & Controls Week 2 Week 2 Week 34 5 6 Complete Security/Continuity Checklists Cloud Computing Readiness Workshop Analyze Data & Determine Gaps Week 4 Week 4 Week 47 8 9 Cloud Computing Security Roadmap Workshop Create Service Improvement Plan (SIP) Create Remediation Roadmap Confidential & Proprietary11 April 20th, 2010 - v1 Information of Hewlett-Packard Company
  12. 12. ConclusionsAdoption of Cloud lessons leant not availableImplementation experiences limitedSecurity and risk management methods immatureBest practice evolving but gaps exist stillViews of regulators and auditors still not clearLegal and regulatory issues (e-Discovery Jury is still out!)Watch this space ....
  13. 13. FinallyLinkedin CSIRS : http://www.linkedin.com/groupRegistration?gid=3623430David.spinks@hp.comhttp://www.cloudsecurityalliance.org/http://www.hp.com/hpinfo/newsroom/press/2009/090331xa.html Q and A

×