SlideShare a Scribd company logo
1 of 32
Download to read offline
Your Data Center
                                            Boundaries Don’t
                                            Exist Anymore!

                                              Joram Borenstein (CISSP, CISA)
                                              Director, Compliance & Risk Management
                                              RSA, The Security Division of EMC




© Copyright 2012 EMC Corporation. All rights reserved.                                 1
Agenda
 Boundaries don’t exist … let me prove it to you!
 A Cautionary Tale: What This Presentation is NOT About
 Proof-Points (aka “Critical Issues in Oversight & Compliance”)
 OK, So What’s Going On Here?
 Real-Life Best Practices to Mitigate These Challenges
 Conclusion: Open Questions




© Copyright 2012 EMC Corporation. All rights reserved.             2
Boundaries


© Copyright 2012 EMC Corporation. All rights reserved.   3
Boundaries: In Our Personal Lives




© Copyright 2012 EMC Corporation. All rights reserved.   4
Boundaries: In Our Devices




© Copyright 2012 EMC Corporation. All rights reserved.   5
Boundaries: Employees’ Access to Cloud
 Amazon                                                  Mozy
 VMWare                                                  DropBox
 Google                                                  Facebook
 salesforce.com                                          EverNote
                                                          … and others




© Copyright 2012 EMC Corporation. All rights reserved.                    6
What This
                                            Presentation Is
                                            NOT About



© Copyright 2012 EMC Corporation. All rights reserved.        7
What This Presentation is NOT About
 Using Virtualization for new-fangled Data Center tricks


 New Product Announcements


 How to re-architect your Data Center


 It is about
    – Compliance
    – Auditing
    – Adjustments in organizational culture




© Copyright 2012 EMC Corporation. All rights reserved.      8
Data Center Compliance Challenges
                                                 Visibility
                                                 Lack of visibility into servers, storage or
                                                 network infrastructure

                                                 Automation
                                                 Difficult to validate technical control
                                                 measurement

                                                 Audit
                                                 No centralized record keeping as audit trail

                                                 Virtualization
                                                 New abstraction layers complicate compliance
                                                 validation


© Copyright 2012 EMC Corporation. All rights reserved.                                          9
Proof-Points



© Copyright 2012 EMC Corporation. All rights reserved.     10
Proof: Press & Analyst Community #s
 “Morgan Stanley estimates the percentage of IT departments
  using the public cloud to rise from 28% in 2011 to 51% by
  2014.”
         –      (April 2012 source: http://www.marketwatch.com/story/mozy-expanding-cloud-footprint-within-enterprise-
                2012-04-10 )


 “More Than One-Third of IT Budgets Now Spent on Cloud”
         –      (April 2012, source: http://www.forbes.com/sites/joemckendrick/2012/04/11/more-than-one-third-of-it-
                budgets-now-spent-on-cloud-survey/ based on IDG Enterprise Cloud Computing Study (Jan 2012))


 “55% ... are using cloud in some capacity today”
         –      (Feb 2012 source:
                http://www.thedatachain.com/news/2012/2/mid_size_businesses_lead_the_way_in_cloud_adoption )




© Copyright 2012 EMC Corporation. All rights reserved.                                                                   11
Proof: Start-Up Funding
    No boundaries lead to … lots of concern (risk scenarios)
    Thesis: basic security building blocks for clouds
    Sample Companies
         – CloudSwitch                                   – PerspecSys         Systems)
           (now                                          – Co3Sys           – Gazzang
           VRZN/TRMK)                                    – salesforce.com   – High Cloud
         – enStratus                                       (acquiring         Security
         – Vaultive                                        Navajo           – Many others …

    Some of these are simple email encryption gateway vendors
    Some assist with migration from legacy OP to cloud




© Copyright 2012 EMC Corporation. All rights reserved.                                        12
Proof: An Increasing # of Certifications…
 AICPA (American Institute of Certified Public Accountants)
 AT 101 = Attest Engagements
 3 new reporting designations (“Service Organization Control
  (SOC) reports”)
   – SOC 1
   – SOC 2
   – SOC 3


 FYI … SAS-70 = SOC 1 = ISAE-3402




© Copyright 2012 EMC Corporation. All rights reserved.          13
Certifications: General Questions
                                                                  SOC
                                                                  3?
     What does my business do?
                                                         SOC 2
     Who are my customers?                              Type 1
                                                           ?
     What are they buying from me?                                SOC 1
                                                                   Type 2
     What sort of customer information do/will I have?              ?


     What guarantees/confidence do my customers need from my
      company?
     What certifications do my competitors have?
     What IT certifications do my financial auditors recommend I get?
     Do I have an IT auditor? Should I? I thought this was only for PII and
      PHI data such as PCI and HIPAA?
     OK, so I chose a SOC 1 … now do I need a Type 1 or a Type 2?




© Copyright 2012 EMC Corporation. All rights reserved.                         14
Certifications: Data Center–Specific Questions
 Am I prepared as an organization to go through an IT audit?
   – Do I have a consistent set of controls in place?
 Can I get my DC provider to answer IT audit questions?
   – What does my contract allow?
 Does my DC provider have its own certifications?
   – Which one(s)?
   – Do they suffice?
 What is my DC architecture?
   – Is it still applicable?
   – Is the IT Auditor going to understand it? Agree with it?
     Allow it?




© Copyright 2012 EMC Corporation. All rights reserved.          15
OK, So
                                            What’s Going
                                            On Here?

© Copyright 2012 EMC Corporation. All rights reserved.     16
Do Your Own People Understand These
Issues?
 “In-The-Trenches” personnel
         –      Can they articulate the changes?

 Your Sales Force
         –      Are they aware of how to talk with customers?
         –      Of how contracts might need to change?

 Your Legal Department
         –      Are they aware of new privacy legislation?
         –      Are they aware of new compliance needs?

 Senior Management
         –      Do they understand the risks?
         –      Can they articulate a vision to customers, partners, and employees?

 Your HR Team
         –      “7/10 think their IT departments need to expand their skills to keep up
                with cloud trends.”
         –      (April 2012, source: http://www.forbes.com/sites/joemckendrick/2012/04/11/more-than-one-third-of-it-budgets-now-
                spent-on-cloud-survey/ based on IDG Enterprise Cloud Computing Study (Jan 2012))




© Copyright 2012 EMC Corporation. All rights reserved.                                                                             17
What Are the Compliance Implications?
 Industrial
   – Consortia
   – Standards groups
 Governmental
   – Within your own country
   – In other countries you do business in
 Internal
   – Audit
   – Compliance




© Copyright 2012 EMC Corporation. All rights reserved.   18
What Are the Regulatory Issues?
 Forbidding certain countries
 Scoping audits
 Virtualization
   – … make this more complicated for most people
 “Elastic” environments
 Shared equipment




© Copyright 2012 EMC Corporation. All rights reserved.   19
What Are the Governance Issues?
 Are we prepared?
 Do we understand the implications?
 Do our existing models still work?
 Include our service providers within our governance
  model?




© Copyright 2012 EMC Corporation. All rights reserved.   20
Real-Life Best
                                            Practices to
                                            Mitigate
                                            These
                                            Challenges
© Copyright 2012 EMC Corporation. All rights reserved.       21
Real-Life Best Practices to Mitigate
These Challenges
1. Educate EVERYONE
2. Re-assess contractual agreements with Service Providers
3. Keep Track of Certifications
4. Keep Track of New Legislation
5. Pick a set of controls which are adaptive




© Copyright 2012 EMC Corporation. All rights reserved.       22
#1: Educate Everyone
 Yes … this takes time
 Yes … people won’t understand you at first
 Especially the executives!!
         –      Helps $
         –      Helps when escalation occur
         –      Just plain helps to provide transparency

 The Legal Team is your friend
 Why Is This Important?
         –      You will need these people!
         –      Decisions across functions will be impacted by these realities
         –      These teams will eventually have to adjust




© Copyright 2012 EMC Corporation. All rights reserved.                           23
#2: Re-Assess Contracts
 With Who?
         –      Data Center providers
         –      Service providers
         –      Customers

 Why?
         –      You have new risks to consider!
         –      Contractual language may no longer be applicable
         –      SLAs take on new meaning in new contexts
         –      You (might) need new protections




© Copyright 2012 EMC Corporation. All rights reserved.             24
#3: Keep Track of New Certifications
 What do your customers want?
 What does your Internal Audit Team demand?
 What do your IT Auditors recommend?
 What do your financial auditors recommend?
 What are you committed to contractually?




© Copyright 2012 EMC Corporation. All rights reserved.   25
#4: Keep Track of New Legislation
   Cloud-related legislation is appearing in many places
   Here’s one recent example
            European Commission (Jan 2012)
            Revising the EU’s 1995 Data Protection Directive
            “ ... the transfer of data to third countries has become an
             important factor in daily life. There are no borders online
             and cloud computing means data may be sent from Berlin
             to be processed in Boston and stored in Bangalore.”
                         (source: http://ec.europa.eu/justice/newsroom/data-
                          protection/news/120125_en.htm)




© Copyright 2012 EMC Corporation. All rights reserved.                          26
#5: Pick a Control Set(s)
 Which adapts as your needs change
 Which has industry support
 Which makes sense for your organization
 Which your customers will respect & support
 Keep track of new sets coming out
   – e.g. HITRUST in the US is not only for healthcare
 Re-visit alternative control set(s) regularly
 Considering layering them on top of one another




© Copyright 2012 EMC Corporation. All rights reserved.   27
Conclusion:
                                            Open
                                            Questions

© Copyright 2012 EMC Corporation. All rights reserved.    28
Conclusion:
 There are emerging best practices that will help in managing
  the “data center without boundaries”
        – An effective strategy based on governance, controls and visibility is
          essential.

 There are still lots of open questions
        – What impact will regulatory changes have?
        – How do you articulate your vision of the data center without boundaries?

 Get involved
        – Participate in working groups from consortia and others
        – Attend events such as these to hear about new revelations and
          innovations
        – Comment on privacy legislation




© Copyright 2012 EMC Corporation. All rights reserved.                               29
Provide Feedback & Win!


                                                          125 attendees will receive
                                                           $100 iTunes gift cards. To
                                                           enter the raffle, simply
                                                           complete:
                                                            – 5 sessions surveys
                                                            – The conference survey

                                                          Download the EMC World
                                                           Conference App to learn
                                                           more: emcworld.com/app



© Copyright 2012 EMC Corporation. All rights reserved.                                  30
© Copyright 2012 EMC Corporation. All rights reserved.   31
Your Data Center Boundaries Don’t Exist Anymore!

More Related Content

What's hot

Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskCloudMask inc.
 
Enterprise Digital Rights Management (Persistent Security)
Enterprise Digital Rights Management (Persistent Security)Enterprise Digital Rights Management (Persistent Security)
Enterprise Digital Rights Management (Persistent Security)pabatan
 
Fasoo Company And Product Information
Fasoo Company And Product InformationFasoo Company And Product Information
Fasoo Company And Product Informationpabatan
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and servicesJas Preet
 
Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationIJSRD
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...HyTrust
 
Should we fear the cloud?
Should we fear the cloud?Should we fear the cloud?
Should we fear the cloud?Gabe Akisanmi
 
2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity RoadmapRaleigh ISSA
 
Citrix MDX Technologies Feature Brief
Citrix MDX Technologies Feature BriefCitrix MDX Technologies Feature Brief
Citrix MDX Technologies Feature BriefNuno Alves
 
Digital Rights Management One For Sharepoint
Digital Rights Management One For SharepointDigital Rights Management One For Sharepoint
Digital Rights Management One For Sharepointpabatan
 
Hdcs Overview Final
Hdcs Overview FinalHdcs Overview Final
Hdcs Overview Finalrjt01
 
Is your infrastructure holding you back?
Is your infrastructure holding you back?Is your infrastructure holding you back?
Is your infrastructure holding you back?Gabe Akisanmi
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for GovernmentsCloudMask inc.
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloudtcarrucan
 
Strategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationStrategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationBooz Allen Hamilton
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challengesbornresearcher
 
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...IRJET Journal
 

What's hot (20)

Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
 
Enterprise Digital Rights Management (Persistent Security)
Enterprise Digital Rights Management (Persistent Security)Enterprise Digital Rights Management (Persistent Security)
Enterprise Digital Rights Management (Persistent Security)
 
Fasoo Company And Product Information
Fasoo Company And Product InformationFasoo Company And Product Information
Fasoo Company And Product Information
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and services
 
Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud Application
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
 
Should we fear the cloud?
Should we fear the cloud?Should we fear the cloud?
Should we fear the cloud?
 
2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap
 
Citrix MDX Technologies Feature Brief
Citrix MDX Technologies Feature BriefCitrix MDX Technologies Feature Brief
Citrix MDX Technologies Feature Brief
 
Digital Rights Management One For Sharepoint
Digital Rights Management One For SharepointDigital Rights Management One For Sharepoint
Digital Rights Management One For Sharepoint
 
Hdcs Overview Final
Hdcs Overview FinalHdcs Overview Final
Hdcs Overview Final
 
Is your infrastructure holding you back?
Is your infrastructure holding you back?Is your infrastructure holding you back?
Is your infrastructure holding you back?
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for Governments
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdata
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloud
 
Case study
Case studyCase study
Case study
 
Strategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationStrategic Information Management Through Data Classification
Strategic Information Management Through Data Classification
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challenges
 
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...
 

Viewers also liked

Thur change to s or d
Thur change to s or dThur change to s or d
Thur change to s or dTravis Klein
 
An overview of agile methodologies
An overview of agile methodologiesAn overview of agile methodologies
An overview of agile methodologiesparvezmisarwala
 
IT Ops Mgmt in the New Virtualized, Software-defined World
IT Ops Mgmt in the New Virtualized, Software-defined WorldIT Ops Mgmt in the New Virtualized, Software-defined World
IT Ops Mgmt in the New Virtualized, Software-defined WorldEMC
 
VMworld : 2013 Journey to IT as a Service Survey
 VMworld : 2013 Journey to IT as a Service Survey VMworld : 2013 Journey to IT as a Service Survey
VMworld : 2013 Journey to IT as a Service SurveyEMC
 
It’s a Jungle Out There - Improving Communications with Your Volunteers
It’s a Jungle Out There - Improving Communications with Your VolunteersIt’s a Jungle Out There - Improving Communications with Your Volunteers
It’s a Jungle Out There - Improving Communications with Your VolunteersLaurel Gerdine
 

Viewers also liked (17)

Brand new world
Brand new worldBrand new world
Brand new world
 
2015 day 5
2015 day 52015 day 5
2015 day 5
 
Thur change to s or d
Thur change to s or dThur change to s or d
Thur change to s or d
 
03 cost curves
03 cost curves03 cost curves
03 cost curves
 
Tues islam hajj
Tues islam hajjTues islam hajj
Tues islam hajj
 
The brain challenge
The brain challengeThe brain challenge
The brain challenge
 
Team work
Team workTeam work
Team work
 
elasticity 2014
elasticity 2014elasticity 2014
elasticity 2014
 
An overview of agile methodologies
An overview of agile methodologiesAn overview of agile methodologies
An overview of agile methodologies
 
Formulario devoluciones
Formulario devolucionesFormulario devoluciones
Formulario devoluciones
 
Jose esteves 1
Jose esteves 1Jose esteves 1
Jose esteves 1
 
IT Ops Mgmt in the New Virtualized, Software-defined World
IT Ops Mgmt in the New Virtualized, Software-defined WorldIT Ops Mgmt in the New Virtualized, Software-defined World
IT Ops Mgmt in the New Virtualized, Software-defined World
 
VMworld : 2013 Journey to IT as a Service Survey
 VMworld : 2013 Journey to IT as a Service Survey VMworld : 2013 Journey to IT as a Service Survey
VMworld : 2013 Journey to IT as a Service Survey
 
It’s a Jungle Out There - Improving Communications with Your Volunteers
It’s a Jungle Out There - Improving Communications with Your VolunteersIt’s a Jungle Out There - Improving Communications with Your Volunteers
It’s a Jungle Out There - Improving Communications with Your Volunteers
 
Eq price practice
Eq price practiceEq price practice
Eq price practice
 
Albert einstein
Albert einsteinAlbert einstein
Albert einstein
 
Monopoly types
Monopoly typesMonopoly types
Monopoly types
 

Similar to Your Data Center Boundaries Don’t Exist Anymore!

Journey to end user computing dallas vmug may 2013
Journey to end user computing   dallas vmug may 2013Journey to end user computing   dallas vmug may 2013
Journey to end user computing dallas vmug may 2013Tommy Trogden
 
Partner facing vspex deck[1]
Partner facing vspex deck[1]Partner facing vspex deck[1]
Partner facing vspex deck[1]Arrow ECS UK
 
Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance 1CloudRoad.com
 
Identity Management for the Cloud
Identity Management for the CloudIdentity Management for the Cloud
Identity Management for the CloudHorst Walther
 
VMworld 2012 - Spotlight Session - EMC Transforms IT - Jeremy Burton
VMworld 2012 - Spotlight Session - EMC Transforms IT - Jeremy BurtonVMworld 2012 - Spotlight Session - EMC Transforms IT - Jeremy Burton
VMworld 2012 - Spotlight Session - EMC Transforms IT - Jeremy BurtonEMCTechMktg
 
PROACT SYNC 2013 - Breakout - VSPEX en vBlock Converged Infrastructure bouwbl...
PROACT SYNC 2013 - Breakout - VSPEX en vBlock Converged Infrastructure bouwbl...PROACT SYNC 2013 - Breakout - VSPEX en vBlock Converged Infrastructure bouwbl...
PROACT SYNC 2013 - Breakout - VSPEX en vBlock Converged Infrastructure bouwbl...Proact Netherlands B.V.
 
Ibm puresystems deck for tcs abhed_11102012
Ibm puresystems  deck for tcs abhed_11102012Ibm puresystems  deck for tcs abhed_11102012
Ibm puresystems deck for tcs abhed_11102012abhedk
 
EMC Forum 2013 - Lagos /Nigeria
EMC Forum 2013 - Lagos /NigeriaEMC Forum 2013 - Lagos /Nigeria
EMC Forum 2013 - Lagos /NigeriaDieter Hovorka
 
The Failure of Information Security Classification: A New Model is Afoot!
The Failure of Information Security Classification: A New Model is Afoot!The Failure of Information Security Classification: A New Model is Afoot!
The Failure of Information Security Classification: A New Model is Afoot!InnoTech
 
EMC's IT's Cloud Transformation, Thomas Becker, EMC
EMC's IT's Cloud Transformation, Thomas Becker, EMCEMC's IT's Cloud Transformation, Thomas Becker, EMC
EMC's IT's Cloud Transformation, Thomas Becker, EMCCloudOps Summit
 
Cloud on PureSystems, Botond Kiss
Cloud on PureSystems, Botond KissCloud on PureSystems, Botond Kiss
Cloud on PureSystems, Botond KissIBMSERBIA
 
Badgeville Summit, Engage 2012 - CASE STUDY : EMC Gamifies Global ECN Community
Badgeville Summit, Engage 2012 - CASE STUDY : EMC Gamifies Global ECN Community Badgeville Summit, Engage 2012 - CASE STUDY : EMC Gamifies Global ECN Community
Badgeville Summit, Engage 2012 - CASE STUDY : EMC Gamifies Global ECN Community Badgeville, Inc.
 
Stopping the Adobe, Apple and Java Software Updater Insanity
Stopping the Adobe, Apple and Java Software Updater InsanityStopping the Adobe, Apple and Java Software Updater Insanity
Stopping the Adobe, Apple and Java Software Updater InsanityLumension
 
JavaOne2012 _linkeddata_oslc
JavaOne2012 _linkeddata_oslcJavaOne2012 _linkeddata_oslc
JavaOne2012 _linkeddata_oslcSteve Speicher
 

Similar to Your Data Center Boundaries Don’t Exist Anymore! (20)

Journey to end user computing dallas vmug may 2013
Journey to end user computing   dallas vmug may 2013Journey to end user computing   dallas vmug may 2013
Journey to end user computing dallas vmug may 2013
 
KMWorld Presentation
KMWorld PresentationKMWorld Presentation
KMWorld Presentation
 
101 ab 1445-1515
101 ab 1445-1515101 ab 1445-1515
101 ab 1445-1515
 
101 ab 1445-1515
101 ab 1445-1515101 ab 1445-1515
101 ab 1445-1515
 
Partner facing vspex deck[1]
Partner facing vspex deck[1]Partner facing vspex deck[1]
Partner facing vspex deck[1]
 
Taxonomy Change Management
Taxonomy Change ManagementTaxonomy Change Management
Taxonomy Change Management
 
Antonio piraino v1
Antonio piraino v1Antonio piraino v1
Antonio piraino v1
 
Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance
 
Identity Management for the Cloud
Identity Management for the CloudIdentity Management for the Cloud
Identity Management for the Cloud
 
VMworld 2012 - Spotlight Session - EMC Transforms IT - Jeremy Burton
VMworld 2012 - Spotlight Session - EMC Transforms IT - Jeremy BurtonVMworld 2012 - Spotlight Session - EMC Transforms IT - Jeremy Burton
VMworld 2012 - Spotlight Session - EMC Transforms IT - Jeremy Burton
 
PROACT SYNC 2013 - Breakout - VSPEX en vBlock Converged Infrastructure bouwbl...
PROACT SYNC 2013 - Breakout - VSPEX en vBlock Converged Infrastructure bouwbl...PROACT SYNC 2013 - Breakout - VSPEX en vBlock Converged Infrastructure bouwbl...
PROACT SYNC 2013 - Breakout - VSPEX en vBlock Converged Infrastructure bouwbl...
 
Ibm puresystems deck for tcs abhed_11102012
Ibm puresystems  deck for tcs abhed_11102012Ibm puresystems  deck for tcs abhed_11102012
Ibm puresystems deck for tcs abhed_11102012
 
Cloud Security by CK
Cloud Security by CKCloud Security by CK
Cloud Security by CK
 
EMC Forum 2013 - Lagos /Nigeria
EMC Forum 2013 - Lagos /NigeriaEMC Forum 2013 - Lagos /Nigeria
EMC Forum 2013 - Lagos /Nigeria
 
The Failure of Information Security Classification: A New Model is Afoot!
The Failure of Information Security Classification: A New Model is Afoot!The Failure of Information Security Classification: A New Model is Afoot!
The Failure of Information Security Classification: A New Model is Afoot!
 
EMC's IT's Cloud Transformation, Thomas Becker, EMC
EMC's IT's Cloud Transformation, Thomas Becker, EMCEMC's IT's Cloud Transformation, Thomas Becker, EMC
EMC's IT's Cloud Transformation, Thomas Becker, EMC
 
Cloud on PureSystems, Botond Kiss
Cloud on PureSystems, Botond KissCloud on PureSystems, Botond Kiss
Cloud on PureSystems, Botond Kiss
 
Badgeville Summit, Engage 2012 - CASE STUDY : EMC Gamifies Global ECN Community
Badgeville Summit, Engage 2012 - CASE STUDY : EMC Gamifies Global ECN Community Badgeville Summit, Engage 2012 - CASE STUDY : EMC Gamifies Global ECN Community
Badgeville Summit, Engage 2012 - CASE STUDY : EMC Gamifies Global ECN Community
 
Stopping the Adobe, Apple and Java Software Updater Insanity
Stopping the Adobe, Apple and Java Software Updater InsanityStopping the Adobe, Apple and Java Software Updater Insanity
Stopping the Adobe, Apple and Java Software Updater Insanity
 
JavaOne2012 _linkeddata_oslc
JavaOne2012 _linkeddata_oslcJavaOne2012 _linkeddata_oslc
JavaOne2012 _linkeddata_oslc
 

More from EMC

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote EMC
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremioEMC
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lakeEMC
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereEMC
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History EMC
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewEMC
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeEMC
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic EMC
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityEMC
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015EMC
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesEMC
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsEMC
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookEMC
 

More from EMC (20)

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremio
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop Elsewhere
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical Review
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or Foe
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for Security
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere Environments
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBook
 

Recently uploaded

3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud DataEric D. Schabell
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1DianaGray10
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FESTBillieHyde
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInThousandEyes
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3DianaGray10
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0DanBrown980551
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTxtailishbaloch
 
Automation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsAutomation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsDianaGray10
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdfThe Good Food Institute
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechProduct School
 
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Alkin Tezuysal
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameKapil Thakar
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...DianaGray10
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updateadam112203
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxSatishbabu Gunukula
 
Where developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingWhere developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingFrancesco Corti
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxNeo4j
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applicationsnooralam814309
 

Recently uploaded (20)

3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FEST
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3
 
SheDev 2024
SheDev 2024SheDev 2024
SheDev 2024
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
 
Automation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsAutomation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projects
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
 
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First Frame
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 update
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptx
 
Where developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingWhere developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is going
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applications
 

Your Data Center Boundaries Don’t Exist Anymore!

  • 1. Your Data Center Boundaries Don’t Exist Anymore! Joram Borenstein (CISSP, CISA) Director, Compliance & Risk Management RSA, The Security Division of EMC © Copyright 2012 EMC Corporation. All rights reserved. 1
  • 2. Agenda  Boundaries don’t exist … let me prove it to you!  A Cautionary Tale: What This Presentation is NOT About  Proof-Points (aka “Critical Issues in Oversight & Compliance”)  OK, So What’s Going On Here?  Real-Life Best Practices to Mitigate These Challenges  Conclusion: Open Questions © Copyright 2012 EMC Corporation. All rights reserved. 2
  • 3. Boundaries © Copyright 2012 EMC Corporation. All rights reserved. 3
  • 4. Boundaries: In Our Personal Lives © Copyright 2012 EMC Corporation. All rights reserved. 4
  • 5. Boundaries: In Our Devices © Copyright 2012 EMC Corporation. All rights reserved. 5
  • 6. Boundaries: Employees’ Access to Cloud  Amazon  Mozy  VMWare  DropBox  Google  Facebook  salesforce.com  EverNote  … and others © Copyright 2012 EMC Corporation. All rights reserved. 6
  • 7. What This Presentation Is NOT About © Copyright 2012 EMC Corporation. All rights reserved. 7
  • 8. What This Presentation is NOT About  Using Virtualization for new-fangled Data Center tricks  New Product Announcements  How to re-architect your Data Center  It is about – Compliance – Auditing – Adjustments in organizational culture © Copyright 2012 EMC Corporation. All rights reserved. 8
  • 9. Data Center Compliance Challenges Visibility Lack of visibility into servers, storage or network infrastructure Automation Difficult to validate technical control measurement Audit No centralized record keeping as audit trail Virtualization New abstraction layers complicate compliance validation © Copyright 2012 EMC Corporation. All rights reserved. 9
  • 10. Proof-Points © Copyright 2012 EMC Corporation. All rights reserved. 10
  • 11. Proof: Press & Analyst Community #s  “Morgan Stanley estimates the percentage of IT departments using the public cloud to rise from 28% in 2011 to 51% by 2014.” – (April 2012 source: http://www.marketwatch.com/story/mozy-expanding-cloud-footprint-within-enterprise- 2012-04-10 )  “More Than One-Third of IT Budgets Now Spent on Cloud” – (April 2012, source: http://www.forbes.com/sites/joemckendrick/2012/04/11/more-than-one-third-of-it- budgets-now-spent-on-cloud-survey/ based on IDG Enterprise Cloud Computing Study (Jan 2012))  “55% ... are using cloud in some capacity today” – (Feb 2012 source: http://www.thedatachain.com/news/2012/2/mid_size_businesses_lead_the_way_in_cloud_adoption ) © Copyright 2012 EMC Corporation. All rights reserved. 11
  • 12. Proof: Start-Up Funding  No boundaries lead to … lots of concern (risk scenarios)  Thesis: basic security building blocks for clouds  Sample Companies – CloudSwitch – PerspecSys Systems) (now – Co3Sys – Gazzang VRZN/TRMK) – salesforce.com – High Cloud – enStratus (acquiring Security – Vaultive Navajo – Many others …  Some of these are simple email encryption gateway vendors  Some assist with migration from legacy OP to cloud © Copyright 2012 EMC Corporation. All rights reserved. 12
  • 13. Proof: An Increasing # of Certifications…  AICPA (American Institute of Certified Public Accountants)  AT 101 = Attest Engagements  3 new reporting designations (“Service Organization Control (SOC) reports”) – SOC 1 – SOC 2 – SOC 3  FYI … SAS-70 = SOC 1 = ISAE-3402 © Copyright 2012 EMC Corporation. All rights reserved. 13
  • 14. Certifications: General Questions SOC 3?  What does my business do? SOC 2  Who are my customers? Type 1 ?  What are they buying from me? SOC 1 Type 2  What sort of customer information do/will I have? ?  What guarantees/confidence do my customers need from my company?  What certifications do my competitors have?  What IT certifications do my financial auditors recommend I get?  Do I have an IT auditor? Should I? I thought this was only for PII and PHI data such as PCI and HIPAA?  OK, so I chose a SOC 1 … now do I need a Type 1 or a Type 2? © Copyright 2012 EMC Corporation. All rights reserved. 14
  • 15. Certifications: Data Center–Specific Questions  Am I prepared as an organization to go through an IT audit? – Do I have a consistent set of controls in place?  Can I get my DC provider to answer IT audit questions? – What does my contract allow?  Does my DC provider have its own certifications? – Which one(s)? – Do they suffice?  What is my DC architecture? – Is it still applicable? – Is the IT Auditor going to understand it? Agree with it? Allow it? © Copyright 2012 EMC Corporation. All rights reserved. 15
  • 16. OK, So What’s Going On Here? © Copyright 2012 EMC Corporation. All rights reserved. 16
  • 17. Do Your Own People Understand These Issues?  “In-The-Trenches” personnel – Can they articulate the changes?  Your Sales Force – Are they aware of how to talk with customers? – Of how contracts might need to change?  Your Legal Department – Are they aware of new privacy legislation? – Are they aware of new compliance needs?  Senior Management – Do they understand the risks? – Can they articulate a vision to customers, partners, and employees?  Your HR Team – “7/10 think their IT departments need to expand their skills to keep up with cloud trends.” – (April 2012, source: http://www.forbes.com/sites/joemckendrick/2012/04/11/more-than-one-third-of-it-budgets-now- spent-on-cloud-survey/ based on IDG Enterprise Cloud Computing Study (Jan 2012)) © Copyright 2012 EMC Corporation. All rights reserved. 17
  • 18. What Are the Compliance Implications?  Industrial – Consortia – Standards groups  Governmental – Within your own country – In other countries you do business in  Internal – Audit – Compliance © Copyright 2012 EMC Corporation. All rights reserved. 18
  • 19. What Are the Regulatory Issues?  Forbidding certain countries  Scoping audits  Virtualization – … make this more complicated for most people  “Elastic” environments  Shared equipment © Copyright 2012 EMC Corporation. All rights reserved. 19
  • 20. What Are the Governance Issues?  Are we prepared?  Do we understand the implications?  Do our existing models still work?  Include our service providers within our governance model? © Copyright 2012 EMC Corporation. All rights reserved. 20
  • 21. Real-Life Best Practices to Mitigate These Challenges © Copyright 2012 EMC Corporation. All rights reserved. 21
  • 22. Real-Life Best Practices to Mitigate These Challenges 1. Educate EVERYONE 2. Re-assess contractual agreements with Service Providers 3. Keep Track of Certifications 4. Keep Track of New Legislation 5. Pick a set of controls which are adaptive © Copyright 2012 EMC Corporation. All rights reserved. 22
  • 23. #1: Educate Everyone  Yes … this takes time  Yes … people won’t understand you at first  Especially the executives!! – Helps $ – Helps when escalation occur – Just plain helps to provide transparency  The Legal Team is your friend  Why Is This Important? – You will need these people! – Decisions across functions will be impacted by these realities – These teams will eventually have to adjust © Copyright 2012 EMC Corporation. All rights reserved. 23
  • 24. #2: Re-Assess Contracts  With Who? – Data Center providers – Service providers – Customers  Why? – You have new risks to consider! – Contractual language may no longer be applicable – SLAs take on new meaning in new contexts – You (might) need new protections © Copyright 2012 EMC Corporation. All rights reserved. 24
  • 25. #3: Keep Track of New Certifications  What do your customers want?  What does your Internal Audit Team demand?  What do your IT Auditors recommend?  What do your financial auditors recommend?  What are you committed to contractually? © Copyright 2012 EMC Corporation. All rights reserved. 25
  • 26. #4: Keep Track of New Legislation  Cloud-related legislation is appearing in many places  Here’s one recent example  European Commission (Jan 2012)  Revising the EU’s 1995 Data Protection Directive  “ ... the transfer of data to third countries has become an important factor in daily life. There are no borders online and cloud computing means data may be sent from Berlin to be processed in Boston and stored in Bangalore.”  (source: http://ec.europa.eu/justice/newsroom/data- protection/news/120125_en.htm) © Copyright 2012 EMC Corporation. All rights reserved. 26
  • 27. #5: Pick a Control Set(s)  Which adapts as your needs change  Which has industry support  Which makes sense for your organization  Which your customers will respect & support  Keep track of new sets coming out – e.g. HITRUST in the US is not only for healthcare  Re-visit alternative control set(s) regularly  Considering layering them on top of one another © Copyright 2012 EMC Corporation. All rights reserved. 27
  • 28. Conclusion: Open Questions © Copyright 2012 EMC Corporation. All rights reserved. 28
  • 29. Conclusion:  There are emerging best practices that will help in managing the “data center without boundaries” – An effective strategy based on governance, controls and visibility is essential.  There are still lots of open questions – What impact will regulatory changes have? – How do you articulate your vision of the data center without boundaries?  Get involved – Participate in working groups from consortia and others – Attend events such as these to hear about new revelations and innovations – Comment on privacy legislation © Copyright 2012 EMC Corporation. All rights reserved. 29
  • 30. Provide Feedback & Win!  125 attendees will receive $100 iTunes gift cards. To enter the raffle, simply complete: – 5 sessions surveys – The conference survey  Download the EMC World Conference App to learn more: emcworld.com/app © Copyright 2012 EMC Corporation. All rights reserved. 30
  • 31. © Copyright 2012 EMC Corporation. All rights reserved. 31