Security’s New Normal:
Is Cloud the Answer?
Prepared by IDC for:
Cloud Identity Summit
July 2013
Sally J. Hudson
Research ...

CIS13: Security's New Normal: Is Cloud the Answer?


Sally Hudson, Research Director, Security Products and Services, IDC
This session will look at cloud benefits and challenges from a security standpoint and present customer trends and concerns from IDC's demand-side research programs. Special emphasis will be placed on identity issues as they relate to cloud, social and mobile concerns and how they map to the agendas, policies and budgets of the IT enterprise.

Published in: Technology, Business
CIS13: Security's New Normal: Is Cloud the Answer?

  1. Security’s New Normal: Is Cloud the Answer? Prepared by IDC for: Cloud Identity Summit, July 2013. Sally J. Hudson, Research Director, Identity and Access Management BuyerPulse
  2. Security Perimeters: New Normal
  3. 3rd Platform Built on Four Pillars
  4. Four Pillars of 3rd Platform:
     • Mobile – Creates need for stronger access controls and authentication. Expect more partnerships, acquisitions and innovations in the mobile space.
     • Cloud – driving need for FSSO and authentication, user provisioning, privileged id management
     • Social Networking – companies want to leverage this, but are cautious due to security concerns. Authentication and federation.
     • Big Data – in conjunction with security, rich identity profiles and threat prevention and fraud detection
  5. 3rd Platform Customer Requirements
     Fixed
     • Global consumer & corporate privacy & security regulations (civil law)
     • Law enforcement (criminal law)
     • Instantaneous & assured communications with negligible downtime
     • Revenue creation and profitability
     • Apps (write once, test everywhere)
     Fluid
     • Communities of shared interest & social pressures (good, bad, gray)
     • Control issues (risk, acceptable speech, reputation, privacy, & trust)
     • Under-web of sensors & monitoring
     • Services-based approach vs. client-orientation
  6. COO’s New Normal: Issues in 2013
     Consolidate
     • Consolidate
     • Virtualize
     • Automate
     • Optimize
     • Host/Outsource
     Collaborate
     • Biz Efficiency
     • Innovate
     • Modernize
     • Mobile/Social
     • Biz Analytics
     Calculate
     • Actuarial Data
     • Predictable Operational Expenses
     • Risk
     • Compliance
  7. Consolidate: Old Issues & New Solutions
     New
     • Worldwide core controls that minimize differences
     • Auditors collaborate with IT to help design compliance dashboard for a variety of non-IT groups
     • Common worldwide controls that are cloud-based
     Old
     • Company siloed by business units and geography
     • Custom controls
     • Auditors were the enemy
     • Senior management confused about corporate-wide policies
     • Little anticipation or planning for pending regulations
  8. Shifting IT Spend: Private Cloud is near term cloud strategy
     Q. Please estimate how much of your company's IT budget will be allocated to buying and managing these different types of IT services
     [Chart: share of IT budget, Today vs. 24 Months, by category: Public Cloud; Private cloud - Hosted; Private Cloud Inhouse; Outsourced IT; Traditional IT. Data labels in extracted order: 49%, 37%, 16%, 16%, 13%, 19%, 11%, 15%, 11%, 13%]
     • Enterprises see private cloud as the onramp to cloud for the next 24 months
     • Automation and elasticity will become the mantra
     • Pre-integrated modularity will become critical
     Source: IDC’s Cloud Computing Survey, January 2011, n=603
  9. Cloud Providers: Can You Trust Them?
     • SLAs can offer complete visibility and “partnership” with the Cloud provider
     • Capex → Opex expense = Making friends with the CEO and CFO again
     • Defensible posture and extensible “modular” architecture
     • Pay as you go
     • And more…
  10. Cloud Benefits and Challenges
     [Chart: survey responses on an axis from -80% to 80% for the items below]
     • Pay-as-you-go (opex)
     • Easy/fast to deploy to end-users
     • Pay only for what you use
     • Allows us to reduce IT headcount
     • Makes sharing with partners simpler
     • Encourages standard systems
     • More sourcing choices
     • Faster deployment of new services
     • Regulatory requirement restrictions
     • Performance/response times
     • Availability/service provider uptime
     • Not robust enough for critical apps
     • Not enough ability to customize
     • Hard to integrate, manage w/in-house IT
     • May cost more
     • Security
     Chart annotations: Reliability Availability, Security, Total Cost Time to deploy Pay for Use Collaboration
  11. Cloud Security & Compliance: Tablestakes for Enterprise Clouds
     Q. Rate these statements about cloud security (% sample rating 4 & 5)
     • Issue: Security & compliance
     • Data in motion more important than data at rest
     • Key management stays with customer
     • Issue: Metrics
     • Risk guarantees
     • Threats/Attacks
     • Breaches
     • Privileged & Customer Access
     • Continuous Compliance
  12. Cloud Security & Compliance: Consumer Cloud T’s & C’s Exclude Security
     Indemnification is Explicit
     “You agree to indemnify and hold Yahoo! and its subsidiaries, affiliates, officers, agents, employees, partners and licensors harmless from any claim or demand….”
     Data Locality Cannot be Guaranteed
     “Personal information collected by Google may be stored and processed in the United States or any other country in which Google Inc. or its agents maintain facilities. By using the Service, you consent to any such transfer of information outside of your country….”
     Service Interruption is Permissible
     “Yahoo! reserves the right at any time and from time to time to modify or discontinue, temporarily or permanently, the Yahoo! Services (or any part thereof) with or without notice. You agree that Yahoo! shall not be liable to you or to any third party for any modification, suspension or discontinuance of the Yahoo! Services (or any part thereof).….”
     Intellectual Property Rights are Abdicated to Providers
     “By submitting, posting or displaying Content on or through Google services which are intended to be available to the members of the public, you grant Google a worldwide, non-exclusive, royalty-free license to reproduce, publish and distribute such Content on Google services for the purpose of displaying and distributing Google services.….”
     • Lack of security in consumer clouds today is explicitly stated
     • Data is an organization's most valuable asset
     • Large providers become a target and a single point of failure
  13. Essential Guidance: New Normal & Securing 3rd Platform
     Predictive
     • Cloud: Privileged Access Management, Federated Identity, Multi-factor Authentication, Data Protection, & Vulnerability Assessment
     • Mobile: Strong Authentication, Data Protection, & Granular Access Controls
     • Social Networks: Data Loss prevention with data protection & justification for violations.
     • Big Data (Threat Intelligence): Raw and analyzed threat feeds from multiple sources integrated with all management consoles
     Proactive
     • Cloud: VPN, Single Sign-On, & Strong Passwords
     • Mobile: Mobile Device Management
     • Social Networks: Keyword-based monitoring & logging
     • Big Data (Threat Intelligence): Network monitoring and SIEM
     Reactive
     • Cloud: Access control
     • Mobile: Device Password
     • Social Networks: Acceptable Use Policy
     • Big Data (Threat Intelligence): Signature-based detection
     Goals: 1) Timely remediation of existing breaches. 2) Early detection & mitigation of advanced, targeted attacks. 3) Policy monitoring & enforcement of internal and external regulations.
  14. Essential Guidance
     • Cloud offerings should allow you to examine your IT investments strategically and avoid point solution thinking
     • Make sure your services firm can clearly articulate their differentiated offers, methodologies, tools and processes, certifications and domain expertise before embarking on a major IT transformation or initiative
  15. Contact Information
     Email me at: sjhudson@idc.com
     Follow me at: twitter.com/@sjhudson11