Security Day 30 Nov 2011

National Computer Board security Day

  1. 1. CLOUD SECURITY: Risks & Recommendations For New Entrants
  2. 2. INTRODUCTION: Vivek Mathur, Vice President, Bhumishq Technologies Ltd. – Data Centre Hosting – Cloud Services Provider. Views expressed are not necessarily those of the organization.
  3. 3. CLOUD: ‘The cloud is inevitable. Cloud Computing will fundamentally change the IT-industry. The question that remains is how fast this will happen. We are still at the beginning. But I tell the customers: Now is the time to jump on the bandwagon. From 2012 on more than 90 percent of Microsoft developers will work on applications and technologies for the cloud.’ - Steve Ballmer, CEO Microsoft
  4. 4. [Chart: "Pain" against "No of Slides"; labels: "Severe Risk of Harm", "20 Slides"]
  5. 5. CLOUD: So what is Cloud Computing? 67 DEFINITIONS!!
  6. 6. INTRODUCTION: Definition #1 (Wikipedia): Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
  7. 7. CLOUD: Definition #2 (For Dummies): Cloud computing is the next stage in the Internet's evolution, providing the means through which everything — from computing power to computing infrastructure, applications, business processes to personal collaboration — can be delivered to you as a service wherever and whenever you need. The “cloud” in cloud computing can be defined as the set of hardware, networks, storage, services, and interfaces that combine to deliver aspects of computing as a service. Cloud services include the delivery of software, infrastructure, and storage over the Internet (either as separate components or a complete platform) based on user demand. (See Cloud Computing Models for the lowdown on the way clouds are used.)
  8. 8. CLOUD: What is Cloud Computing Model? 28 Definitions
  9. 9. [Chart: "Pain" against "No of Slides"; labels: "Severe Risk of Harm", "20 Slides"]
  10. 10. CLOUD: NO DEFINITION - Cloud is not a THING, it’s a transition - Concept started in 1960 by John McCarthy
  11. 11. 1960??
  12. 12. CLOUD: NO DEFINITION - Cloud is not a THING, it’s a transition - Concept started in 1960 by John McCarthy - Concept - Suitability - Technology - Attitude
  13. 13. Can we understand Cloud in simple terms…please?
  14. 14. Fifth Generation of Computing: 2010+, 2000s, 1990s, 1980s, 1970s
  15. 15. Cloud Origins: Adapting to the Market Data Center Evolution
  16. 16. Cloud Origins: Adapting to the Market Data Center Evolution
  17. 17. In a non-cloud view, there are inefficiencies. [Chart: IT CAPACITY against TIME, with curves for Load Forecast, Allocated IT-capacities and Actual Load; annotations: “Under-supply” of capacities, “Waste” of capacities, Fixed cost of IT-capacities, Barrier for innovations]
  18. 18. However, in a Cloud View. [Chart: IT CAPACITY against Time, with curves for Load Forecast, Allocated IT capacities and Actual Load; annotations: No “under-supply”, Reduction of “over-supply”, Possible reduction of IT-capacities in case of reduced load, Reduction of initial investments]
  19. 19. Cloud Service Types. [Diagram: four columns, Private (On-Premise), Infrastructure (as a Service), Platform (as a Service), Software (as a Service); each column lists the layers Applications, Runtimes, Security & Integration, Databases, Servers, Virtualization, Server HW, Storage, Networking; layers are marked either "You manage" or "Managed by vendor"]
  20. 20. CONVINCED. Should all adopt Cloud computing? Cloud’s economies of scale and flexibility are both a friend and a foe from a security point of view.
  21. 21. RISKS & RECOMMENDATIONS
  22. 22. Risks: - Risk should always be understood in relation to overall business opportunity and appetite for risk. - The risks of using cloud computing should be compared to the risks of staying with traditional solutions, such as desktop-based models. - The level of risk will in many cases vary significantly with the type of cloud architecture being considered.
  23. 23. Top Risks: • Policy and Organizational Risks • Technical Risks • Legal Risks
  24. 24. POLICY AND ORGANIZATIONAL RISKS: • Lock-in • Loss Of Governance • Compliance Challenges • Loss Of Business Reputation Due To Co-tenant Activities • Cloud Service Termination or Failure • Cloud Provider Acquisition
  25. 25. TECHNICAL RISKS: • Resource Exhaustion (Under Or Over Provisioning) • Isolation Failure • Cloud Provider Malicious Insider - Abuse Of High Privilege Roles • Intercepting Data In Transit • Distributed Denial Of Service (DDoS) / Economic Denial Of Service (EDoS)
  26. 26. LEGAL RISKS: • Subpoena And E-discovery • Risk From Changes Of Jurisdiction • Data Protection Risks
  27. 27. TOP SECURITY BENEFITS: • Security and the Benefits Of Scale • Security as a Market Differentiator • Standardised Interfaces for Managed • Rapid, Smart Scaling of Resources • More Timely, Effective and Efficient Updates and Defaults
  28. 28. TOP RECOMMENDATIONS: 1. Assess the risk of adopting cloud services 2. Compare different cloud provider offerings 3. Obtain assurance from selected cloud providers 4. Reduce the assurance burden on cloud providers
  29. 29. Closing Thoughts: - Cloud is the future - Try it before you commit - One-size fits all approach may not work - means different to different persons
  30. 30. THANK YOU. Vivek Mathur. Email – vivek.mathur@bhumishq.com
