Dr Steve Hodgkinson Ovum: The security impacts of cloud services adoption based on research and case studies of early adopters

Dr. Steve Hodgkinson, Research Director IT APAC, Ovum delivered this presentation at the 2013 Corporate Cyber Security Summit. The event examined cyber threats to Australia’s private sector and focussed on solutions and counter cyber-attacks. For more information about the event, please visit the conference website http://www.informa.com.au/cybersecurityconference


Transcript

  • 1. Cloud services and information security – insights from early adopters Corporate Cyber Security Summit Grand Hyatt, Melbourne 12 November 2013 Dr Steve Hodgkinson, Research Director IT Asia/Pacific e: steve.hodgkinson@ovum.com m: +61 421 586 960 1 © Copyright Ovum. All rights reserved. Ovum is part of the Informa Group.
  • 2. This presentation is brought to you by the words Pragmatic and Tradeoffs
    Pragmatic: “advocating behaviour that is dictated more by practical consequences than by theory or dogma”
    Tradeoff: “an exchange of one thing in return for another, especially relinquishment of one benefit or advantage for another regarded as more desirable”
  • 3. The cloud services challenge to in-house ICT
    [Chart: maturity & sophistication of ICT capabilities (lower to higher) against time]
    • Cloud innovation edge: IaaS, PaaS, SaaS
    • Enterprise-grade cloud services: operational scale; focused R&D & skills; multi-tenancy; business continuity; iterative evolution; SOA & open APIs; social & mobile; Internet-age security; user self service; usage-based charging; vendor ecosystems
    • In-house ICT (‘snakes & ladders’): legacy complexity; diversity & fragmentation; budget cuts; ageing assets; staff turnover & skill shortages; project failures
  • 4. Popular cloud services use cases Source: Pre-event delegate survey for the SE-Corp CIO Strategy Summit Aug 2013 n = 59
  • 5. Early adopter experiences
    • Better solutions
    • Faster implementation
    • Reduced costs
    • Reduced risks (when all things were considered)
    … it's all about enabling innovation
    The case studies of early adopters reveal more about leadership and decision-making than they do about the abstract benefits of the cloud services model
  • 6. Tradeoffs
    ‘Traditional IT’ Services | Enterprise-grade Cloud Services
    Capacity is ‘lumpy’ to scale-up/down | Auto-scaling of on-demand capacity
    Customized to specific business needs | Standardized & configured (within limits)
    Dedicated access to specified resources | Shared access to pooled resources
    Owned or licensed long term fixed cost | Subscribed service, usage based costs
    Secured within known network perimeter | Secured at application and data levels
    Legacy & mature technologies | Greenfield & evolving technologies
    Defined by needs (designs & specs) | Defined by service catalogue
    Contracted for future implementation | Contracted for near immediate access
    Commissioned functional upgrades | Inherited iterative functional evolution
    Customized integration & middleware | Integration using web services APIs
    ‘Insider’/informal SLA quality reporting/audit | Transparent/formal external SLA reporting/audit
    One-one legal contract sanctions | ‘Collective wrath’ subscriber sanctions
    High switching costs to alternatives | Potentially lower switching costs (t.b.c.)
    Process-based risk management | Outcomes-based risk management
    Dedicated BCP/DR (often under-invested) | Reliance on cloud resilience/scale for BCP/DR
  • 7. Tradeoffs involve compromises … so require motivation
    • ‘Traditional IT’ Services: How adequate are the traditional ICT sourcing options?
    • Enterprise-grade Cloud Services: How adequate are the available cloud services?
  • 8. Tradeoffs may not be required
    Why cloud?
    • ‘Traditional IT’ Services: Business expectations are being met OK; ICT capabilities up to the task; Modern H/W & S/W assets; Up to date contracts; Right people/skills; Adequate ICT capital; Secure environment; Project successes
    • Enterprise-grade Cloud Services: Few enterprise adoption proof points; Limited range and maturity of cloud service offerings; Benefits unclear; Weak local cloud services; Concerns over security, trust, sovereignty, lock-in; Standards and code of practice nascent
  • 9. Top challenges/pain points? Source: Pre-event delegate survey for the SE-Corp CIO Strategy Summit Aug 2013 n = 59
  • 10. Tradeoffs may be urgent …
    What the?
    • ‘Traditional IT’ Services: Business expectations exceeding ICT means? Urgent business needs? Rapidly growing data? Ageing H/W & S/W assets? Contract/License expiry? People/skill constraints? ICT capital constraints? Security vulnerabilities? Project failures?
    • Enterprise-grade Cloud Services: Growing enterprise adoption proof points; Rising range and maturity of cloud service offerings; Increasing depth of local cloud services; Catalyst for agile; Trust models improving; Standards improving; Industry code of practice emerging
  • 11. Cloud services? Yeah but no but yeah but no but ...
  • 12. Make the tradeoffs explicit
    Confidence (H/M/L) regarding: | Agency IT | Shared Service | Managed Service | Private Cloud | Public Cloud
    Business outcomes? | | | | |
    Functionality? | | | | |
    Functional evolution? | | | | |
    External access? | | | | |
    Mobility? | | | | |
    Integration? | | | | |
    Authentication? | | | | |
    Service performance? | | | | |
    Security compliance? | | | | |
    Privacy compliance? | | | | |
    Recordkeeping compliance? | | | | |
    Continuity/DR? | | | | |
    Plan B? | | | | |
    Overall risk assessment? | | | | |
    Capex cost? | $ | $ | $ | $ | $
    Yearly operating cost? | $ | $ | $ | $ | $
    3 Year TCO? | $ | $ | $ | $ | $
    Overall Confidence? | | | | |
  • 13. Be realistic about directions of travel …
    [Chart: maturity & sophistication of ICT capabilities (lower to higher) against time]
    • Cloud innovation edge: IaaS, PaaS, SaaS
    • Enterprise-grade cloud services: operational scale; focused R&D & skills; multi-tenancy; business continuity; iterative evolution; SOA & open APIs; social & mobile; Internet-age security; user self service; usage-based charging; vendor ecosystems
    • In-house ICT (‘snakes & ladders’): legacy complexity; diversity & fragmentation; budget cuts; ageing assets; staff turnover & skill shortages; project failures
  • 14. De-perimeterisation?
    • Early adopter approaches to security primarily rely on islands of trusted SaaS
    • Security-as-a-service is a medium term trend
    • Software defined perimeter/cloud defined perimeter
    • Economies of scale also apply to threat monitoring and ability to diagnose and respond quickly
    • See The Jericho Forum http://www.opengroup.org/getinvolved/forums/jericho
  • 15. Recommendations
    • Act early - address information security compliance issues early in the project lifecycle.
    • Know your data - ensure that information is classified and that obligations for its management under relevant applicable legislation are understood.
    • Be honest about the status quo - establish a realistic security baseline by reviewing relevant internal and external audit reports.
    • Share experiences - talk to peers with cloud service experience to learn how they have addressed their information security obligations.
    • Assess the risks - conduct a formal assessment of the information security risks of the cloud service to identify risks and mitigations.
    • Get the legals right - ensure that the contract with the cloud services provider:
      • Adequately passes information security obligations to the provider.
      • Gives sufficient assurance and audit mechanisms regarding the provider’s security controls.
      • Sets out the procedures that need to be followed in the case of any potential security breach including notification to the agency of any breaches.
      • Is, if necessary, enforceable within your ‘home’ jurisdiction.
  • 16. Cloud services and information security – insights from early adopters Corporate Cyber Security Summit Grand Hyatt, Melbourne 12 November 2013 Dr Steve Hodgkinson, Research Director IT Asia/Pacific e: steve.hodgkinson@ovum.com m: +61 421 586 960