Security, Privacy and Risk Standards of Operating in the Cloud


Love it or loathe it, cloud services are an inevitable part of our future.

But how do you know the cloud is safe? Where does all that data go? How can you be confident that you’ve signed up to a reputable supplier? Just what does a good Cloud service look like?

David Robinson, Chief Security Officer and Director Information Security Business Unit, Fujitsu UK & Ireland, addresses these questions and provides insight in this area, along with a pragmatic approach to ensuring you obtain or apply commensurate security to your cloud services.

Published in: Technology

  1. 1. Harvesting Cloud Benefits, Room 13b
  2. 2. Harvesting Cloud Benefits – Room 13b. Reshaping IT. Security, Privacy and Risk Standards of Operating in the Cloud. David Robinson, Chief Security Officer and Director Information Security Business Unit, Fujitsu UK & Ireland. 12:30 h
  3. 3. 2
  4. 4. Security in the Cloud. David Robinson, CSO UK&I, Dir Information Security Business Unit. © Copyright 2011 FUJITSU
  5. 5. What do we expect “Security in the Cloud” to be? What is “cloud” and what makes us nervous about using it?
  6. 6. What is “Cloud”? “A flexible, scalable, pay-per-use model for the way IT services are delivered and consumed” – Fujitsu White Book of Cloud Adoption. Three scenarios: using pre-existing Cloud services; migrating Enterprise services to the Cloud; Cloud being used as part of the delivery mechanism.
  7. 7. Barriers to cloud adoption that we see. Security and performance issues are at the top of the lists of concerns raised by organisations: Regulatory and compliance issues; Loss of local control; Vendor lock-in; Lack of upgrade control; Fallback and recovery.
  8. 8. Questions we encourage asking. What is the country of operation? Need to be very sure about country of operation; Must ensure legal and regulatory compliance; Compliance has to be maintained; Threat profile in country needs to be understood; Location of data; Location of support and management services. Who gets into the cloud? Our users; Support staff; Other customers; Anyone else? What happens when something goes wrong? How does it work?
  9. 9. Fujitsu’s approach and experience: The way we build our services
  10. 10. Fujitsu approach. Choose the best Cloud for you: On premises; private infrastructure in data centre; shared community infrastructure; public infrastructure. Different levels of assurance: Precision in infrastructure design; Care in process implementation; Subject to external review.
  11. 11. Different kinds of clouds… and the glue that holds them together
      Consultancy: Matching workload characteristics to appropriate IT resources.
      Private Cloud: Designed for single enterprise; Internal shared resources; IT organization sells services to rest of company; On-site off-site; Outsourced or Inhouse management; Customization allowed.
      Community Cloud: Designed for members; Resources shared safely among group members (individual, gov or businesses); Customized for specific business need; On site or off site.
      Public Cloud: Designed for general market; Open to all; Resources shared safely among group of companies; Very little customization.
      Hybrid Cloud: Both public and private; Utilizes best capabilities from public and private to meet business needs; Allows for bursting to public cloud.
      End to End Service Management for Enterprise Cloud
  12. 12. Cloud security considerations. The Barriers discussed earlier map onto: Governance and enterprise risk management; Data residency and jurisdiction; Compliance and audit; Access control; Shared resources and data segregation; Security incident management; Physical security; Privileged users; Continuity Services; Data disposal.
  13. 13. Where are we now? Security measures that are commensurate with the risk; No longer single level; Cloud requires and enables a more profiled approach to security. What can and cannot live in the cloud? Would you trust putting anything into the cloud? What would you take from the cloud? What constrains us?
  14. 14. Security qualities of different cloud types

      | Consideration | Private | Community | Public | Hybrid |
      |---|---|---|---|---|
      | Governance and enterprise risk management | 3 | 3 | 1 | 2 |
      | Data residency and jurisdiction | 3 | 2 | 1 | 2 |
      | Compliance and audit | 3 | 2 | 1 | 2 |
      | Access Control | 3 | 2 | 1 | 1 |
      | Shared resources and data segregation | 3 | 3 | 1 | 2 |
      | Security incident management | 3 | 2 | 1 | 2 |
      | Physical Security | Dependent upon service | Dependent upon service | Dependent upon service | Dependent upon service |
      | Privileged Users | 3 | 3 | 1 | 2 |
      | Continuity Services | Dependent upon business needs | Dependent upon business needs | Dependent upon business needs | Dependent upon business needs |
      | Data disposal | 3 | 3 | 1 | 2 |

  15. 15. The areas Fujitsu focuses on. Service and Management – how the service operations function to deliver an overall approach to governance, risk and compliance, incident management and the provision of compliance audit services. Network – the configuration of the network services to deliver separation and isolation of clients’ connections from their location to the service payloads in the data centre. Compute – the arrangements to provide isolation between customer capsules and management blocks. Storage – the methods and approaches for segregating and protecting the storage assets. Physical – a rigorous approach to the physical security aspects of the service.
  16. 16. Security defence in depth in the cloud
  17. 17. Summary. Security is still high on the agenda. Not everything is suitable for the cloud. Cloud presents new ways of working. We can help you understand and develop your approach: We have the expertise to advise; Work with you as a partner; We have Cloud infrastructure available right now, not just slideware!
  18. 18. Questions