Neil Readshaw, CISSP
Worldwide Chief Architect – Cloud Security
IBM Global Technology Services
@readshaw

Protecting Data in the Cloud

© 2012 IBM Corporation

A Perfect Storm for Data Protection

     • Big Data
     • Industrialization of IT
     • Consumerization of IT

How data protection in the cloud can go wrong

     Diagram labels: Security Policy, Administrator, User, Enterprise, Mobile User, Internet, Customer Workloads, Cloud Infrastructure, Cloud Administrator, Cloud Service Provider.

     1. Security policy does not specify appropriate use of public clouds, so users are unguided.
     2. Without knowing better, user tries to upload confidential data to public cloud service “to do their job”.
     3. No data security controls at the enterprise boundary.
     4. Cloud provider’s data protection controls are neither documented, trusted nor certified.
     5. Enterprise workload in the cloud not subject to same security policy as on-premise.
     6. Mobile employee with BYOD leaks data because device lacks sufficient security to protect data at rest after retrieval from the cloud.

Risks change when putting data in the cloud

     Example Risk                    What makes it different?

     Data Location                   Information may no longer be protected by the same laws and regulations as if it was in your on-premise environments.

     Multi-tenancy                   A multi-tenant cloud may contain vulnerabilities at any level in the architecture that compromise the isolation principle.

     Cloud Provider Administration   A cloud provider’s administrators are not necessarily subject to the same security controls and regulations as in the on-premise case.

     While the extent of risks may vary from on-premise data protection, the way to approach data protection is no different.

Protecting data in the cloud requires:


     • A balanced approach:
       • Governance, policy and process
       • User awareness
       • Technical security controls
       • Trust, compliance and assurance


     • Meeting or exceeding what is already
       available in the enterprise IT
       environments



Governance, policy and process

     • How effective is your current enterprise data protection
       policy?
       • And how accurate is the perception of its effectiveness?

     • Make your CIO Office/Cybersecurity policies and
       procedures cloud aware
       • System inventory
       • Endpoint security and compliance management
       • Incident response
       • Automation is a must

     • Taking a risk-based approach allows for a balanced
       consideration of business opportunities
       • Cloud is not one-size-fits-all, nor should the evaluation of
         workloads and their suitability be

User awareness

    • The division of security and privacy responsibilities
      between the cloud service provider and cloud
      consumer should be clearly and consistently
      understood by all parties
      • Include end users, not just owners/admins

    • Demarcation of responsibilities will vary according to
      the cloud service and its delivery model


    • A program of ongoing education and awareness for
      users provides an opportunity to update users as
      the cybersecurity and compliance landscape
      changes

Technical security controls

    What
    • Identity and access management (IAM)
    • Encryption and key management
    • Tokenization
    • Secure delete
    • Anti-malware
    • Data loss prevention (DLP)
    • Security and compliance management
    • Audit
    • Secure software engineering

    Where
    • Within the enterprise (desktops, servers)
    • At the enterprise boundary
    • At the cloud boundary
    • In the cloud infrastructure
    • In the workloads/VMs running in the cloud

Trust, compliance and assurance

     • How is trust built between a cloud service
       provider and cloud service consumer?
       • Infrastructure certifications, e.g. ISO 27001,
         SSAE 16
       • Industry regulations, e.g. PCI-DSS
       • History and experience of a vendor in providing
         cloud/IT services


     • Providing visibility into the operation of the
       cloud is important for assurance
       • Directly with the cloud service provider or
         through a trusted third party


When data protection in the cloud goes well

     Diagram labels: Security Policy, Administrator, User, Enterprise, Mobile User, Internet, Customer Workloads, Cloud Infrastructure, Cloud Administrator, Cloud Service Provider.

     1. Security policy specifies appropriate use of public clouds, including incremental security controls, by workload.
     2. User has been educated to know that confidential data cannot be put in public clouds without encryption, and that SPI cannot be put in a cloud outside of the home country.
     3. Boundary security devices perform malware detection and policy-based data filtering/tokenization.
     4. Cloud provider can demonstrate compliance with industry regulations and standards.
     5. Enterprise treats cloud hosted workloads as per on-premise, with the same security controls, e.g. IAM, AV, SCM.
     6. Mobile devices (enterprise supplied or BYOD) are managed, including security configuration management.

Conclusion

     • Data protection in the cloud starts with data protection in
       the enterprise


     • A balanced approach is needed
       • Governance, policy and process
       • User awareness
       • Technical security controls
       • Trust, compliance and assurance




Thank you!




