• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Martine Lapierre - Security in Cloud computing: sharing more than resources
 

Martine Lapierre - Security in Cloud computing: sharing more than resources

on

  • 1,043 views

Martine Lapierre - Security in Cloud computing: sharing more than resources

Martine Lapierre - Security in Cloud computing: sharing more than resources

Statistics

Views

Total Views
1,043
Views on SlideShare
1,043
Embed Views
0

Actions

Likes
1
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Martine Lapierre - Security in Cloud computing: sharing more than resources Martine Lapierre - Security in Cloud computing: sharing more than resources Presentation Transcript

    • Security in Cloud computing:sharing more than resourcesMartine Lapierre, THALES DSC, Technical Director23-27 November 2009
    • Growing need of IaaS - Cloud would help: Smart Environment Smart cities Smart transport Smart energy healthcare monitoringCloud computing implies loss of controlChoices of cloud offering Private based on: Hybrid– reputation to ensure Public protection and confidentiality– ability of the cloud provider to prove that there is ‘no’ loss of control
    • eHealth cloud example Data processing Journalisation of acts must satisfy (legal proof), Dedicated network infra European data Journalisation of protectionMonitoring Iaas Health (cyber defense Iaas access traces) Patients center Private cloud Sensitive data Network should be transactions destroyed at a Make encryption, Is available to timeavailable to specified Doctors, IsData storage available to nurses protection/ Medical content data Data should not External eHealth driven leave the original service providers security country of collection at any– Satisfy strict regulatory requirements time– Very sensitive to negative public perception
    • Customer’s view on securityAre my data secure in the Cloud ? Who can access the data ? Can I access my data at any time ? What is the SLA ? Can I stop my contract at any time ? (reversibility)Can I comply with laws and regulation ? Where are my data ? What about if disclosure ? How long are my data kept if I ask for suppression ? How is managed the requisition process ?Who is responsible? Loss of control while maintaining accountability even if operational responsibility falls upon 3rd parties In case of failure in services outsourced to the cloud, the customer cannot meet his duty to his own customers and is exposed to liability
    • Legal and regulatory challenges Understand the consequences of decoupling data from infrastructure. Regulation of cross-border data flows cloud providers operate datacenters in multiple locations and transfer data among them. Coherent regulations on privacy, data retention EU member states have divergent views as to whether cloud providers need to retain data and for how long. Enhance criminal enforcement of crimes Aggregation of data in cloud data centers are attractive targets for hackers. Incident response. Compliant storage certification Interoperability standards in cloud
    • Security challengesQuality of service guaranties Multi-tenancy issues and isolationCertification and Insecure interfaces in federation accreditation contextCompliance to regulations Data protectionID management, RBAC Cloud infrastructure protectionLogging, audit Portability, reversibility From Randy Marchany
    • THANK YOU!ICSOC-ServiceWave 2009