Security in the Cloud



  1. VISIT 2010 – Fujitsu Forum Europe
  2. Cloud Computing – Room 13b. Security in the Cloud. Shaping tomorrow with you. John Alcock, Managing Consultant, Fujitsu UK & Ireland. 15:00 h
  4. Security in the Cloud. John Alcock, Managing Consultant, Information Assurance Solutions, UK & Ireland, Fujitsu. Copyright 2010 FUJITSU
  5. Agenda: What do we expect “Security in the Cloud” to look like? Applying this to our organisations. Fujitsu’s approach and experience. Summary and Discussion.
  6. What do we expect “Security in the Cloud” to look like? What is “cloud” and what makes us nervous about using it?
  7. What is “Cloud”? Cloud Computing is a mechanism for the delivery of services. It is service-based, scalable and elastic, shared, metered by use, and uses internet technologies. (Source: Gartner) Why are we interested? Consumer perspective; supplier perspective. Three scenarios: using pre-existing Cloud services; migrating Enterprise services to the Cloud; Cloud being used as part of the delivery mechanism.
  8. Barriers to Cloud adoption. Security and performance issues are at the top of the lists of concerns raised by organisations: security and compliance issues 38%; loss of local control 36%; vendor lock-in 30%; lack of upgrade control 30%. (Source: IDC)
  9. What makes security good? Effective; Appropriate; Affordable; Enabling; Reassuring; Scalable.
  10. Applying this to our organisations. What to look for. Good governance. Good technology.
  11. Do security concerns constrain us? Lack of understanding. Fear of the unknown. Loss of control. Business understanding is key.
  12. Do security concerns constrain us? Need to be very sure about country of operation. Must ensure legal and regulatory compliance. Compliance has to be maintained. Threat profile in country needs to be understood. Location of data. Location of support and management services. Who gets into the cloud? Our users; support staff; other customers; anyone else? What happens when something goes wrong? How does it work?
  13. Policies, people, processes and places. Evidence of good physical and procedural security measures. Compliance with legal and regulatory requirements. Good personnel security management – staff security clearance and aftercare. Open attitude to audit and inspections. Transparency in operations so that you know where your data is and the locations from which support is provided. Technical tools to manage, from a single dashboard, the security and compliance settings across a virtual infrastructure.
  14. Architecture and Design. Network Topology; Data Storage and Operation; Input and Output End Points in System; Trust Boundaries; Access Controls; System and Network Isolation; Cryptographic Controls; Administrative Controls for Service Provider; Administrative Controls for Business Owner.
  15. The virtual world. Assess the logical network, applications, and services hosted in the Cloud.
  16. Fujitsu’s approach and experience. The way we build our services.
  17. Fujitsu Approach. Range of security levels: on premises; private infrastructure in data centre; shared community infrastructure; public infrastructure. Different levels of assurance. Precision in infrastructure design. Care in process implementation. Subject to external review.
  18. Where are we now? Security measures that are commensurate with the risk. No longer single level. Cloud requires and enables a more profiled approach to security. What can and cannot live in the cloud? Would you trust putting anything into the cloud? What would you take from the cloud? What constrains us?
  19. The areas Fujitsu focuses on. Service and Management – how the service operations function to deliver an overall approach to governance, risk and compliance, incident management and the provision of compliance audit services. Network – the configuration of the network services to deliver separation and isolation of clients’ connections from their location to the service payloads in the data centre. Compute – the arrangements to provide isolation between customer capsules and management blocks. Storage – the methods and approaches for segregating and protecting the storage assets. Physical – a rigorous approach to the physical security aspects of the service.
  20. Security Defence in Depth in the Cloud
  21. Summary and Discussion
  22. Summary: 1. Identify, understand and manage security risks. 2. Take and push services in accordance with your organisation’s risk appetite. 3. Satisfy yourself that you understand enough about the services. 4. Make sure you will meet regulatory, legal and compliance requirements. 5. Understand the architecture and design. 6. Focus on how the service operations function. 7. Manage the use of the service.
  23. Discussion