Architecting a secure castle       in the clouds        Dr Tim Redhead            DotSec         tim@dotsec.com
Strong requirementsClear understanding of riskSome very good architecture
Security architecture●   Identity and Access Management●   Mobile and ubiquitous devices●   The cloud and as-a-service model
I think therefore... IAM!●   Identity and Access Management●   Great opportunities for IAM in your SecArch●   Rally to me!...
IAM benefits●   Cost-effective             ●   e.g. Limited budget; fixed-price projects.●   Robust             ●   e.g Hi...
We can leave the 20th century       Client 1                   Client 2                    Client 3       Internet        ...
And then we can have nice things                 Client Client                      Client                   Internet     ...
Fun with mobiles●   Rocks and hard places●   Opportunities for enhanced services●   Marty McFly still lives!●   Platforms ...
Whos to know?●   Dr Gerry McCartney●   Stuxnet, Flame, Duqu and Zeus●   Bangs and whispers
Dont be sad●   RDRBA is your key●   Fight the battles you can win●   Thin out the threatscape●   Coral the zombies●   Two ...
Forecasting clouds●   Mostly fairly well understood components●   Risky relationships but not bad per se●   20 people and ...
Our uses
Monoliths and memorials●   RDRBA will guide you●   Clouds, silver bullets and planning                                    ...
Strong requirementsClear understanding of riskSome very good architecture
Australian CIO Summit 2012: Architecting a Secure Castle in the Clouds by Dr Tim Redhead, Director, DotSec
Upcoming SlideShare
Loading in …5
×

Australian CIO Summit 2012: Architecting a Secure Castle in the Clouds by Dr Tim Redhead, Director, DotSec

291 views
254 views

Published on

Australian CIO Summit 2012: Architecting a Secure Castle in the Clouds by Dr Tim Redhead, Director, DotSec

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
291
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Australian CIO Summit 2012: Architecting a Secure Castle in the Clouds by Dr Tim Redhead, Director, DotSec

  1. 1. Architecting a secure castle in the clouds Dr Tim Redhead DotSec tim@dotsec.com
  2. 2. Strong requirementsClear understanding of riskSome very good architecture
  3. 3. Security architecture● Identity and Access Management● Mobile and ubiquitous devices● The cloud and as-a-service model
  4. 4. I think therefore... IAM!● Identity and Access Management● Great opportunities for IAM in your SecArch● Rally to me!● Kicking the devils dog
  5. 5. IAM benefits● Cost-effective ● e.g. Limited budget; fixed-price projects.● Robust ● e.g History of fault-tolerance and HA.● Secure ● No option: Owners and providers want assurance.● Claims based ● Flexible, extensible, aligned
  6. 6. We can leave the 20th century Client 1 Client 2 Client 3 Internet Internet Internet Services 1 Aggregate some services Services 2 Services 3Database 1 Merge Database 2 Database 3 Dir 1 Dir 2 Dir 3 some directories
  7. 7. And then we can have nice things Client Client Client Internet IdP Etc Dir Infrastructural sec services Prov4Prov1 Prov2 Prov3
  8. 8. Fun with mobiles● Rocks and hard places● Opportunities for enhanced services● Marty McFly still lives!● Platforms and lava lamps● The users are all primed to go● I want a flashing one, with the lot!
  9. 9. Whos to know?● Dr Gerry McCartney● Stuxnet, Flame, Duqu and Zeus● Bangs and whispers
  10. 10. Dont be sad● RDRBA is your key● Fight the battles you can win● Thin out the threatscape● Coral the zombies● Two is better than one
  11. 11. Forecasting clouds● Mostly fairly well understood components● Risky relationships but not bad per se● 20 people and 20 answers... sans wine Dilbert ©2012, Universal Uclick
  12. 12. Our uses
  13. 13. Monoliths and memorials● RDRBA will guide you● Clouds, silver bullets and planning Client Presentation Security infrastructure Backup and DR Virtualisation Logic Data store Network● What will you get and what will you lose?
  14. 14. Strong requirementsClear understanding of riskSome very good architecture

×