Your SlideShare is downloading. ×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Security in the Cloud or Pie in the Sky?


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Reduce Protect Improve Save The Get ResourcesYour Costs Your Data Performance Environment On Demand Security in the Cloud: Is it Pie in the Sky? Presented by Julian Lloyd, VP Cloud Advisory Services, Virtustream IP Expo 2011 - Seminar in the Cloud Services & Applications TheatreCopyright © 2010 by Virtustream, Inc. All rights reserved worldwide. “Actualize the Enterprise Cloud™” is a trademark of Virtustream, Inc. All other trademarks are property of their respective owners. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any human or computer language in any form or by any means without the express written permission of Virtustream, Inc.
  • 2. Who We AreVirtustream is an end-to-end cloud services provider. Our capabilities are derived from adecade of delivering market-making virtualization solutions to enterprise clientele.  Invented and operationalized the first hypervisor-agnostic, consumption-based cloud provisioning software capable of running mission critical backoffice applications in production  Developed a scalable on-premise Private Cloud Appliance  Pioneered the delivery of Private Clouds within a Multi- tenant environment, providing the security and performance attributes of a private cloud, with the elasticity and economics of a public cloud #1  Developed an award winning cloud adoption methodology  Only 1 of 9 SAP Certified Cloud Providers worldwide  Own and operate data centers in the US and UK  Privately held and well capitalized W A S H I N G TO N D C  N EW YORK  A T L A N TA  SAN F RANCISCO  LONDON  D UBLIN  C HANNEL I SLANDS 2
  • 3. Agenda  Why is Cloud perceived to be insecure?  What are the real security risks?  What can be done to mitigate those risks?  Pie in the sky? 3
  • 4. Why is Cloud perceived to be insecure?One of the biggest barriers to adoption of Cloud by the Enterprise and PublicSector is the perception that the Cloud is less secure than traditionalcomputing paradigms.  Some common perceptions  Lack of visibility into resources • Applications, data, compute, storage network...  Lack of transparency as to control of resources • Who sets policy? • Who enforces policy? • How is compliance audited? 4
  • 5. Why is Cloud perceived to be insecureIn some respects these perceptions are surprising as outsourced computingisn’t exactly new. ENIAC - outsourced by US Navy to U-Penn Timesharing common since the 50s... So is there anything intrinsic to Cloud technologies or deployment architectures that makes them fundamentally less secure than other forms of outsourced computing services? 5
  • 6. Why is Cloud perceived to be insecure? Interestingly, some of these early examples of multi-tenancy can provide us with a clue... 6
  • 7. So why is Cloud perceived to be insecure?It is the idea of multi-tenant data storage, and worse, lack of control over locationthat drives many of the concerns. Cloud does present some unique challenges inthese areas...  Location  Ownership  Intellectual property law  Privacy and confidentiality laws 7
  • 8. What are the real security risks?Given these very real issues, the number one concern of any Enterprise movingto the Cloud should be data management, and in particular, data storage.  Questions to consider: • How and when will data be backed up? • How will restores work when data is lost? • Who outside the company will have access to data, and why? • What audit tools are available? • Are random audits possible? • What certifications does the provider have? 8
  • 9. What are the real security risks?But it doesn’t just stop at logical security. Cloud also presents physical securitychallenges that are no less real for being outsourced to a service provider.  Where are the data centres physically located?  In which data centres will my data be stored?  Will my data be replicated to a remote location?  What is the network architecture between the Cloud and its customers, as well as between Cloud data centres?  Are all the data centres in the Cloud owned by the same provider? 9
  • 10. What are the real security risks? Although many aspects of Enterprise Cloud Computing are “back to the future” and the industry has operated multi-tenant compute services for more than fifty years, the Cloud does present some unique challenges in respect of data storage that earlier generations of outsourced compute and co-location services have not presented. 10
  • 11. What can be done to mitigate those risks? The Burning Question: Should Enterprises steer clear of the Cloud for their mission-critical workloads? 11
  • 12. What can be done to mitigate those risks?In fact, there is no such thing as “The Cloud” – and not all Clouds are created equal Paradigm Description Types of application Enterprise-class (Y/N) Highly-virtualized • Applications run on highly-virtualized • Almost any reasonably Y infrastructure modern enterprise workload • No dynamic provisioning of compute or data Private Cloud • Applications run on a highly- • As above Y virtualized infrastructure with dynamic provisioning of compute and/or data • All infrastructure remains dedicated to a particular enterprise Public Cloud • Applications run on a highly- • Non-mission-critical virtualized infrastructure with workloads such as N dynamic provisioning of compute development and test and/or data • Web-facing workloads • All infrastructure is owned by the requiring a high degree of service provider and may be shared dynamic scale out across multiple customers Enterprise Cloud • Applications run on a highly- • Mainstream enterprise virtualized infrastructure with applications such as ERP, Y dynamic provisioning of compute CRM etc • Special provisions are made by the Cloud provider for the storage and management of data to ensure security and availability to Enterprise standard Hybrid • Any combination of the above • Implementation dependent Implementation dependent 12
  • 13. What can be done to mitigate those risks?There are five pillars of data security inthe cloud...  Physical isolation of customer data onto defined physical locations  Data stored in data centres known to and approved by the customer  Management of back-up/replication according to a published SLA  Formal process to evaluate customers’ security requirements during on-boarding  Full audit capabilities 13
  • 14. Pie in the Sky? If an Enterprise does not know where its data is physically stored, it cannot claim that the data is secure - and if a Cloud provider cannot guarantee the five pillars of data security, then its claims to be secure are indeed pie in the sky. 14
  • 15. Pie in the Sky? But for customers who find a cloud provider with both an Enterprise-class platform and the consulting experience to help customers make the most of it, they can have their cake and eat it. 15
  • 16. Questions? Thank You Any Questions? Visit Virtustream on Stand E67 located right outside this Theatre 16
  • 17. YOUR YEAR-ROUND IT RESOURCE – access to everything you’ll need to know
  • 18. THE WHOLETECHNOLOGY STACKfrom start to finish
  • 19. COMMENT & ANALYSISInsights, interviews and the latest thinking on technology solutions
  • 20. VIDEOYour source of live information – all the presentations from our live events
  • 21. TECHNOLOGY LIBRARY Over 3,000 whitepapers,case studies, product overviews and press releases from all the leading IT vendors
  • 22. EVENTS, WEBINARS & PRESENTATIONS Missed the event? Download the presentations thatinterest you. Catch up with convenient webinars. Plan your next visit.
  • 23. DirectoryA comprehensive A-Z listing providing in-depth company overviews
  • 24. ALL FREE TO ACCESS 24/7
  • 25.