SlideShare a Scribd company logo
1 of 80
Cloud Security- Is my data safe?,[object Object],Justin Pirie,[object Object],@justinpirie,[object Object],blog.mimecast.com,[object Object],jpirie@mimecast.com,[object Object],Cloud Circle - London,[object Object],November 29th2010,[object Object],matthewbradley,[object Object]
Analyst Blogger,[object Object]
Community Manager,[object Object]
Social Media Influence,[object Object]
Where I work,[object Object]
Cloud Services for Microsoft Exchange,[object Object],tipiro,[object Object]
Cloud Wrapper,[object Object]
Email Security,[object Object],matthewbradley,[object Object]
Email Continuity,[object Object],neilalderney123,[object Object]
Email Archive,[object Object],dolescum,[object Object]
How the problem used to be solved...,[object Object]
Benefits of Google Apps,[object Object]
For Microsoft Exchange,[object Object]
What do users get?,[object Object],minifig,[object Object]
Unlimited Storage,[object Object],mescon,[object Object]
Fast Search,[object Object],Ronan_C,[object Object]
Uptime,[object Object],szeke,[object Object]
Over 600,000 users can’t be wrong!,[object Object]
Cloud Security- Is my data safe?,[object Object],matthewbradley,[object Object]
2010 Hype Cycle,[object Object]
2010 Hype Cycle,[object Object]
Grand Canyon between adopters,[object Object],James Marvin Phelps (mandj98),[object Object]
Adopters: Cloud Improved Security,[object Object],57%,[object Object]
Non Adopters: Cloud = Security Risk,[object Object],62%,[object Object]
Unsure about Cloud Security?,[object Object],jessicafm,[object Object]
Security Presented as Binary,[object Object],MarkOMeara,[object Object]
Reality...,[object Object],cdw9,[object Object]
Cloud = Outsourcing,[object Object],stev.ie,[object Object]
BUT with Technical Detail Abstracted,[object Object],Rev. XanatosSatanicosBombasticos (ClintJCL),[object Object]
Which makes Clouds Opaque,[object Object],Andrew Coulter Enright,[object Object]
The reason Cloud is powerful,[object Object],dok1,[object Object]
Is also it’s Achilles Heel,[object Object],Moff,[object Object]
Need for Transparency,[object Object],salmannas,[object Object]
While Protecting Vendor IP...,[object Object], schoschie,[object Object]
AND Cloud is embryonic,[object Object],viralbus,[object Object]
Standards just emerging,[object Object],mayakamina,[object Object]
So.... Caveat Emptor,[object Object], jeffc5000,[object Object]
And why it sometimes feels like this...,[object Object],gxdoyle,[object Object]
Independent Audit?,[object Object],ScottMJones,[object Object]
No Standards!!!,[object Object],Leo Reynolds,[object Object]
Independent 3rd Parties: SAS70, CESG,[object Object],wallyg,[object Object]
Missing Piece?,[object Object],MyklRoventine,[object Object]
ISO 27001...,[object Object],Leo Reynolds,[object Object]
Should you adopt ISO 27001?,[object Object],massdistraction,[object Object]
Best Practice Policy: ENISA,[object Object],TheTruthAbout,[object Object]
Investigate Availability Guarantees,[object Object],Yukon White Light,[object Object]
Data Jurisdiction: clarify,[object Object], IXQUICK,[object Object]
Who has control of your data?,[object Object],DumindaJayasena,[object Object]
Baseline Current Risks,[object Object],Chuck “Caveman” Coker,[object Object]
i.e. Where are we today?,[object Object],Chris D 2006,[object Object]
Trusting Users....,[object Object],Thai Jasmine (Take good care :-)),[object Object]
And Sysadmins....,[object Object],leftcase,[object Object]
Others...,[object Object],Tambako the Jaguar,[object Object]
Permissions Nightmare,[object Object],marimoon,[object Object]
Managing those risks?,[object Object],Patrick Q,[object Object]
Is expensive,[object Object],jo'nas,[object Object]
Got the budget?,[object Object],The Prime Minister's Office,[object Object]
“Quiscustodiet,[object Object],ipsoscustodes?”,[object Object]
Cloud: Guards Guard,[object Object]
Cloud Security?,[object Object],matt.hintsa,[object Object]
#1. It’s their Business,[object Object],Esthr,[object Object]
#2. Financially Responsible,[object Object],wwarby,[object Object]
#3. Scale,[object Object],laffy4k,[object Object]
#4. Specialised Skills,[object Object],SarahMcDॐ,[object Object]
#5. Cumulative Effect of Multiple Customers,[object Object],Leo Reynolds,[object Object]
#6. Best Practice: Embedded, Distributed ,[object Object],Lars Plougmann,[object Object]
#7. Focus,[object Object],Chris Campbell,[object Object]
Want to be the Guards Guard?,[object Object]
Remember: Caveat Emptor,[object Object], jeffc5000,[object Object]
But proportional to Risk,[object Object],gxdoyle,[object Object]
Over to Damien,[object Object],Justin Pirie,[object Object],@justinpirie,[object Object],blog.mimecast.com,[object Object],jpirie@mimecast.com,[object Object],matthewbradley,[object Object]
Security, reliability, compliance and governance; the importance of aligning the Cloud with your existing security and governance policies ,[object Object],Damien Behan,[object Object],IT Director, Brodies LLP,[object Object]
“The internet is not for private things, do not put them there” – a twitterer,[object Object],http://datavis.tumblr.com/post/1372863949/internet-vs-privacy-a-helpful-venn-diagram,[object Object]
Perceptions of the cloud?,[object Object],SECURITY,[object Object],THE CLOUD,[object Object]
“The fact of the matter is that the cloud is just another boring make vs. buy decision, and the sooner those in IT management realize this, the less likely they are to build potentially career-ending plans based on clouds and rainbows.” Patrick Gray on zdnet.com,[object Object]
Due diligence,[object Object],Like any outsourcing service, ask…,[object Object],[object Object]
Who?
What?
Where?
How?

More Related Content

Viewers also liked

Empowering and Securing BYOD Email
Empowering and Securing BYOD EmailEmpowering and Securing BYOD Email
Empowering and Securing BYOD EmailJustin Pirie
 
Cloud and The Channel- Where's the space?
Cloud and The Channel- Where's the space?Cloud and The Channel- Where's the space?
Cloud and The Channel- Where's the space?Justin Pirie
 
The end of IT as we know it.
The end of IT as we know it.The end of IT as we know it.
The end of IT as we know it.Justin Pirie
 
Secure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorSecure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorNewvewm
 
Synergistic outcomes company
Synergistic outcomes companySynergistic outcomes company
Synergistic outcomes companyAnil Salick
 
HostingCon 2011- How Not Just to Survive but Thrive in the Evolving Hosting M...
HostingCon 2011- How Not Just to Survive but Thrive in the Evolving Hosting M...HostingCon 2011- How Not Just to Survive but Thrive in the Evolving Hosting M...
HostingCon 2011- How Not Just to Survive but Thrive in the Evolving Hosting M...Justin Pirie
 
Unifying Devices in the Cloud
Unifying Devices in the CloudUnifying Devices in the Cloud
Unifying Devices in the CloudJustin Pirie
 
Big data, security, and the cloud
Big data, security, and the cloudBig data, security, and the cloud
Big data, security, and the cloudPano Xinos
 
The Great Migration- Cloud Circle
The Great Migration- Cloud CircleThe Great Migration- Cloud Circle
The Great Migration- Cloud CircleJustin Pirie
 
Attaining data security in cloud computing
Attaining data security in cloud computingAttaining data security in cloud computing
Attaining data security in cloud computingGopinath Muthusamy
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud IBM Security
 
ค่าเฉลี่ยเลขคณิต
ค่าเฉลี่ยเลขคณิตค่าเฉลี่ยเลขคณิต
ค่าเฉลี่ยเลขคณิตBangon Suyana
 
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGESECURITY IN CLOUD COMPUTINGPRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGESECURITY IN CLOUD COMPUTING
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTINGKayalvizhi Selvaraj
 
What is Cloud Computing with Amazon Web Services?
What is Cloud Computing with Amazon Web Services?What is Cloud Computing with Amazon Web Services?
What is Cloud Computing with Amazon Web Services?Amazon Web Services
 
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature MappingMicrosoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature MappingIlyas F ☁☁☁
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computingPrince Chandu
 

Viewers also liked (16)

Empowering and Securing BYOD Email
Empowering and Securing BYOD EmailEmpowering and Securing BYOD Email
Empowering and Securing BYOD Email
 
Cloud and The Channel- Where's the space?
Cloud and The Channel- Where's the space?Cloud and The Channel- Where's the space?
Cloud and The Channel- Where's the space?
 
The end of IT as we know it.
The end of IT as we know it.The end of IT as we know it.
The end of IT as we know it.
 
Secure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorSecure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by Porticor
 
Synergistic outcomes company
Synergistic outcomes companySynergistic outcomes company
Synergistic outcomes company
 
HostingCon 2011- How Not Just to Survive but Thrive in the Evolving Hosting M...
HostingCon 2011- How Not Just to Survive but Thrive in the Evolving Hosting M...HostingCon 2011- How Not Just to Survive but Thrive in the Evolving Hosting M...
HostingCon 2011- How Not Just to Survive but Thrive in the Evolving Hosting M...
 
Unifying Devices in the Cloud
Unifying Devices in the CloudUnifying Devices in the Cloud
Unifying Devices in the Cloud
 
Big data, security, and the cloud
Big data, security, and the cloudBig data, security, and the cloud
Big data, security, and the cloud
 
The Great Migration- Cloud Circle
The Great Migration- Cloud CircleThe Great Migration- Cloud Circle
The Great Migration- Cloud Circle
 
Attaining data security in cloud computing
Attaining data security in cloud computingAttaining data security in cloud computing
Attaining data security in cloud computing
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud
 
ค่าเฉลี่ยเลขคณิต
ค่าเฉลี่ยเลขคณิตค่าเฉลี่ยเลขคณิต
ค่าเฉลี่ยเลขคณิต
 
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGESECURITY IN CLOUD COMPUTINGPRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGESECURITY IN CLOUD COMPUTING
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING
 
What is Cloud Computing with Amazon Web Services?
What is Cloud Computing with Amazon Web Services?What is Cloud Computing with Amazon Web Services?
What is Cloud Computing with Amazon Web Services?
 
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature MappingMicrosoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
 

Similar to Cloud Security: Is My Data Safe?

Cloud Security- In Perspective
Cloud Security- In PerspectiveCloud Security- In Perspective
Cloud Security- In PerspectiveJustin Pirie
 
CLT Legal Cloud Conference
CLT Legal Cloud ConferenceCLT Legal Cloud Conference
CLT Legal Cloud ConferenceJustin Pirie
 
Cloud Adoption Secrets
Cloud Adoption SecretsCloud Adoption Secrets
Cloud Adoption SecretsJustin Pirie
 
Skåne Azure User Group - Azure Security
Skåne Azure User Group - Azure SecuritySkåne Azure User Group - Azure Security
Skåne Azure User Group - Azure SecurityTom Janetscheck
 
False Cloud Debate Panel Interop 2011
False Cloud Debate Panel Interop 2011False Cloud Debate Panel Interop 2011
False Cloud Debate Panel Interop 2011David Linthicum
 
Your clouds must be transparent - an intro to Cloud Security Alliance
Your clouds must be transparent - an intro to Cloud Security AllianceYour clouds must be transparent - an intro to Cloud Security Alliance
Your clouds must be transparent - an intro to Cloud Security AllianceDavid Jones
 
Private Cloud: Debunking Myths Preventing Adoption
Private Cloud: Debunking Myths Preventing AdoptionPrivate Cloud: Debunking Myths Preventing Adoption
Private Cloud: Debunking Myths Preventing AdoptionDana Gardner
 
Moving Sucks. Making Secure Cloud Migration Painless
Moving Sucks. Making Secure Cloud Migration PainlessMoving Sucks. Making Secure Cloud Migration Painless
Moving Sucks. Making Secure Cloud Migration PainlessJoAnna Cheshire
 
Major Cloud Security Challenges concerning the Enterprises | Sysfore
Major Cloud Security Challenges concerning the Enterprises | SysforeMajor Cloud Security Challenges concerning the Enterprises | Sysfore
Major Cloud Security Challenges concerning the Enterprises | SysforeSysfore Technologies
 
Cloud Expo May 09 Richard Britton, Cloud Computing for SMEs
Cloud Expo May 09 Richard Britton, Cloud Computing for SMEsCloud Expo May 09 Richard Britton, Cloud Computing for SMEs
Cloud Expo May 09 Richard Britton, Cloud Computing for SMEsEasynet Connect
 
Cloud Computing & Cybersecurity in Industry 4.0
Cloud Computing & Cybersecurity in Industry 4.0Cloud Computing & Cybersecurity in Industry 4.0
Cloud Computing & Cybersecurity in Industry 4.0PT Datacomm Diangraha
 
Cloud Security Myths vs Facts
Cloud Security Myths vs FactsCloud Security Myths vs Facts
Cloud Security Myths vs FactsOPAQ
 
Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010graywilliams
 
Cloud Security Myths Vs Facts
Cloud Security Myths Vs FactsCloud Security Myths Vs Facts
Cloud Security Myths Vs FactsOPAQ
 
Cloud: Space for the Channel?
Cloud: Space for the Channel?Cloud: Space for the Channel?
Cloud: Space for the Channel?Justin Pirie
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018joshquarrie
 
Cloud Seminar Feb 4 2010
Cloud Seminar Feb 4 2010Cloud Seminar Feb 4 2010
Cloud Seminar Feb 4 2010Vince Santo
 
SPSUK2013 - Matt Groves - Cloud Readiness
SPSUK2013 - Matt Groves - Cloud ReadinessSPSUK2013 - Matt Groves - Cloud Readiness
SPSUK2013 - Matt Groves - Cloud ReadinessMatt Groves
 
Beyond the Cloud - Click Digital Expo 2016 - Jamin Andrews
Beyond the Cloud -  Click Digital Expo 2016 - Jamin AndrewsBeyond the Cloud -  Click Digital Expo 2016 - Jamin Andrews
Beyond the Cloud - Click Digital Expo 2016 - Jamin AndrewsJamin Andrews
 

Similar to Cloud Security: Is My Data Safe? (20)

Cloud Security- In Perspective
Cloud Security- In PerspectiveCloud Security- In Perspective
Cloud Security- In Perspective
 
CLT Legal Cloud Conference
CLT Legal Cloud ConferenceCLT Legal Cloud Conference
CLT Legal Cloud Conference
 
Cloud Adoption Secrets
Cloud Adoption SecretsCloud Adoption Secrets
Cloud Adoption Secrets
 
Cloud. Why? How
Cloud. Why? HowCloud. Why? How
Cloud. Why? How
 
Skåne Azure User Group - Azure Security
Skåne Azure User Group - Azure SecuritySkåne Azure User Group - Azure Security
Skåne Azure User Group - Azure Security
 
False Cloud Debate Panel Interop 2011
False Cloud Debate Panel Interop 2011False Cloud Debate Panel Interop 2011
False Cloud Debate Panel Interop 2011
 
Your clouds must be transparent - an intro to Cloud Security Alliance
Your clouds must be transparent - an intro to Cloud Security AllianceYour clouds must be transparent - an intro to Cloud Security Alliance
Your clouds must be transparent - an intro to Cloud Security Alliance
 
Private Cloud: Debunking Myths Preventing Adoption
Private Cloud: Debunking Myths Preventing AdoptionPrivate Cloud: Debunking Myths Preventing Adoption
Private Cloud: Debunking Myths Preventing Adoption
 
Moving Sucks. Making Secure Cloud Migration Painless
Moving Sucks. Making Secure Cloud Migration PainlessMoving Sucks. Making Secure Cloud Migration Painless
Moving Sucks. Making Secure Cloud Migration Painless
 
Major Cloud Security Challenges concerning the Enterprises | Sysfore
Major Cloud Security Challenges concerning the Enterprises | SysforeMajor Cloud Security Challenges concerning the Enterprises | Sysfore
Major Cloud Security Challenges concerning the Enterprises | Sysfore
 
Cloud Expo May 09 Richard Britton, Cloud Computing for SMEs
Cloud Expo May 09 Richard Britton, Cloud Computing for SMEsCloud Expo May 09 Richard Britton, Cloud Computing for SMEs
Cloud Expo May 09 Richard Britton, Cloud Computing for SMEs
 
Cloud Computing & Cybersecurity in Industry 4.0
Cloud Computing & Cybersecurity in Industry 4.0Cloud Computing & Cybersecurity in Industry 4.0
Cloud Computing & Cybersecurity in Industry 4.0
 
Cloud Security Myths vs Facts
Cloud Security Myths vs FactsCloud Security Myths vs Facts
Cloud Security Myths vs Facts
 
Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010
 
Cloud Security Myths Vs Facts
Cloud Security Myths Vs FactsCloud Security Myths Vs Facts
Cloud Security Myths Vs Facts
 
Cloud: Space for the Channel?
Cloud: Space for the Channel?Cloud: Space for the Channel?
Cloud: Space for the Channel?
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018
 
Cloud Seminar Feb 4 2010
Cloud Seminar Feb 4 2010Cloud Seminar Feb 4 2010
Cloud Seminar Feb 4 2010
 
SPSUK2013 - Matt Groves - Cloud Readiness
SPSUK2013 - Matt Groves - Cloud ReadinessSPSUK2013 - Matt Groves - Cloud Readiness
SPSUK2013 - Matt Groves - Cloud Readiness
 
Beyond the Cloud - Click Digital Expo 2016 - Jamin Andrews
Beyond the Cloud -  Click Digital Expo 2016 - Jamin AndrewsBeyond the Cloud -  Click Digital Expo 2016 - Jamin Andrews
Beyond the Cloud - Click Digital Expo 2016 - Jamin Andrews
 

More from Justin Pirie

Adoption Trends for SaaS- Cloud Computing World Forum 2012
Adoption Trends for SaaS- Cloud Computing World Forum 2012Adoption Trends for SaaS- Cloud Computing World Forum 2012
Adoption Trends for SaaS- Cloud Computing World Forum 2012Justin Pirie
 
Microsoft Hosters Sweden- Becoming a Trusted Advisor to Sell Cloud
Microsoft Hosters Sweden- Becoming a Trusted Advisor to Sell CloudMicrosoft Hosters Sweden- Becoming a Trusted Advisor to Sell Cloud
Microsoft Hosters Sweden- Becoming a Trusted Advisor to Sell CloudJustin Pirie
 
CLT Law Conference Cloud intro
CLT Law Conference Cloud introCLT Law Conference Cloud intro
CLT Law Conference Cloud introJustin Pirie
 
Copenhagen Lean Startup
Copenhagen Lean StartupCopenhagen Lean Startup
Copenhagen Lean StartupJustin Pirie
 
Bristol Tech Startup School: Lean Startup
Bristol Tech Startup School: Lean StartupBristol Tech Startup School: Lean Startup
Bristol Tech Startup School: Lean StartupJustin Pirie
 
Microsoft Worldwide Partner Conference Session
Microsoft Worldwide Partner Conference SessionMicrosoft Worldwide Partner Conference Session
Microsoft Worldwide Partner Conference SessionJustin Pirie
 
Cloud- A Technical or Organisational Challenge? Or Both?
Cloud- A Technical or Organisational Challenge? Or Both?Cloud- A Technical or Organisational Challenge? Or Both?
Cloud- A Technical or Organisational Challenge? Or Both?Justin Pirie
 
Email: The Future Direction
Email: The Future DirectionEmail: The Future Direction
Email: The Future DirectionJustin Pirie
 
Cloud and the Channel- A Perfect Storm?
Cloud and the Channel- A Perfect Storm?Cloud and the Channel- A Perfect Storm?
Cloud and the Channel- A Perfect Storm?Justin Pirie
 
Lean Startup - A Primer for Entrepreneurs
Lean Startup - A Primer for EntrepreneursLean Startup - A Primer for Entrepreneurs
Lean Startup - A Primer for EntrepreneursJustin Pirie
 
The Hidden Security Danger – Don’t Let Email Be Your Downfall
The Hidden Security Danger –  Don’t Let Email Be Your Downfall The Hidden Security Danger –  Don’t Let Email Be Your Downfall
The Hidden Security Danger – Don’t Let Email Be Your Downfall Justin Pirie
 
Mimecast Partner Day
Mimecast Partner DayMimecast Partner Day
Mimecast Partner DayJustin Pirie
 
Lean Startup- a primer for Entrepreneurs
Lean Startup- a primer for EntrepreneursLean Startup- a primer for Entrepreneurs
Lean Startup- a primer for EntrepreneursJustin Pirie
 
Constructing the Case for Cloud
Constructing the Case for CloudConstructing the Case for Cloud
Constructing the Case for CloudJustin Pirie
 
Rackspace Feb 2010 with Text
Rackspace Feb 2010 with TextRackspace Feb 2010 with Text
Rackspace Feb 2010 with TextJustin Pirie
 
Does the Cloud ROI Stack up- or does it fall?
Does the Cloud ROI Stack up- or does it fall?Does the Cloud ROI Stack up- or does it fall?
Does the Cloud ROI Stack up- or does it fall?Justin Pirie
 

More from Justin Pirie (16)

Adoption Trends for SaaS- Cloud Computing World Forum 2012
Adoption Trends for SaaS- Cloud Computing World Forum 2012Adoption Trends for SaaS- Cloud Computing World Forum 2012
Adoption Trends for SaaS- Cloud Computing World Forum 2012
 
Microsoft Hosters Sweden- Becoming a Trusted Advisor to Sell Cloud
Microsoft Hosters Sweden- Becoming a Trusted Advisor to Sell CloudMicrosoft Hosters Sweden- Becoming a Trusted Advisor to Sell Cloud
Microsoft Hosters Sweden- Becoming a Trusted Advisor to Sell Cloud
 
CLT Law Conference Cloud intro
CLT Law Conference Cloud introCLT Law Conference Cloud intro
CLT Law Conference Cloud intro
 
Copenhagen Lean Startup
Copenhagen Lean StartupCopenhagen Lean Startup
Copenhagen Lean Startup
 
Bristol Tech Startup School: Lean Startup
Bristol Tech Startup School: Lean StartupBristol Tech Startup School: Lean Startup
Bristol Tech Startup School: Lean Startup
 
Microsoft Worldwide Partner Conference Session
Microsoft Worldwide Partner Conference SessionMicrosoft Worldwide Partner Conference Session
Microsoft Worldwide Partner Conference Session
 
Cloud- A Technical or Organisational Challenge? Or Both?
Cloud- A Technical or Organisational Challenge? Or Both?Cloud- A Technical or Organisational Challenge? Or Both?
Cloud- A Technical or Organisational Challenge? Or Both?
 
Email: The Future Direction
Email: The Future DirectionEmail: The Future Direction
Email: The Future Direction
 
Cloud and the Channel- A Perfect Storm?
Cloud and the Channel- A Perfect Storm?Cloud and the Channel- A Perfect Storm?
Cloud and the Channel- A Perfect Storm?
 
Lean Startup - A Primer for Entrepreneurs
Lean Startup - A Primer for EntrepreneursLean Startup - A Primer for Entrepreneurs
Lean Startup - A Primer for Entrepreneurs
 
The Hidden Security Danger – Don’t Let Email Be Your Downfall
The Hidden Security Danger –  Don’t Let Email Be Your Downfall The Hidden Security Danger –  Don’t Let Email Be Your Downfall
The Hidden Security Danger – Don’t Let Email Be Your Downfall
 
Mimecast Partner Day
Mimecast Partner DayMimecast Partner Day
Mimecast Partner Day
 
Lean Startup- a primer for Entrepreneurs
Lean Startup- a primer for EntrepreneursLean Startup- a primer for Entrepreneurs
Lean Startup- a primer for Entrepreneurs
 
Constructing the Case for Cloud
Constructing the Case for CloudConstructing the Case for Cloud
Constructing the Case for Cloud
 
Rackspace Feb 2010 with Text
Rackspace Feb 2010 with TextRackspace Feb 2010 with Text
Rackspace Feb 2010 with Text
 
Does the Cloud ROI Stack up- or does it fall?
Does the Cloud ROI Stack up- or does it fall?Does the Cloud ROI Stack up- or does it fall?
Does the Cloud ROI Stack up- or does it fall?
 

Recently uploaded

Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 

Recently uploaded (20)

Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 

Cloud Security: Is My Data Safe?

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
  • 62.
  • 63.
  • 64.
  • 65.
  • 66.
  • 67.
  • 68.
  • 69.
  • 70.
  • 71.
  • 72.
  • 73.
  • 74.
  • 75.
  • 76.
  • 77. Who?
  • 78. What?
  • 80. How?
  • 81.
  • 82.
  • 86. Service levels & limitations
  • 87.
  • 88.
  • 89.
  • 90.

Editor's Notes

  1. Intro Myself and where I workAnswer the key question- is my data safeWhat are the hurdles we have to cross? What are the actionable things we can do?Why should you consider going to the cloud?
  2. Security
  3. Continutity
  4. Archive
  5. Bringing all the benefits of Google apps- horizontal scalability, reliability, etc
  6. To Microsoft Exchange
  7. 2010 Gartner Hype Cycle for emerging technologies
  8. 2010 Gartner Hype Cycle for emerging technologies
  9. From the Mimecast Cloud Adoption Survey http://www.mimecast.com/events-press/press-releases/article/view/cloud-computing-delivering-on-its-promise-but-doubts-still-hold-back-adoption/462/
  10. From the Mimecast Cloud Adoption Survey http://www.mimecast.com/events-press/press-releases/article/view/cloud-computing-delivering-on-its-promise-but-doubts-still-hold-back-adoption/462/
  11. Why are some People are unsure about Cloud Security
  12. Security is often presented as a binary object. It’s not.
  13. It’s much more complex than that.
  14. Technical details are abstracted
  15. Probably because of the relative opacity of Cloud compared to the transparency of a private network and the control you can exert on it
  16. Are it’s Achilles heel
  17. Without revealing to much intellectual property- the main differentiator in Cloud
  18. Standards are only just emerging
  19. Buyer Beware- http://en.wikipedia.org/wiki/Caveat_emptorUnder the doctrine of caveat emptor, the buyer could not recover from the seller for defects on the property that rendered the property unfit for ordinary purposes. The only exception was if the seller actively concealed latent defects or otherwise made material misrepresentations amounting to fraud.Before statutory law, the buyer had no warranty of the quality of goods. In many jurisdictions now, the law requires that goods must be of "merchantable quality". However, this implied warranty can be difficult to enforce and may not apply to all products. Hence, buyers are still advised to be cautious.
  20. Which is why we in cloud feel like we’re being beaten up...
  21. Independent Audit?
  22. There are no standards...There is not a best practice independent security methodology for cloud. Clouds are opaque. Technical complexity is abstracted. Proper audit / DD requires transparency. But transparency would reveal IP.
  23. Independent 3rd party is so important to validate claims in depthSAS 70, CESG etc
  24. Spot the missing one?
  25. ISO 27001- ISO 27001 doesn’t fit the cloud- 5 year old standard currently- to be reviewed in 2012- CSA helping update controls for the Cloud
  26. ·          Should you adopt ISO 20071? What sort of protection will it grant you? Yes. Because it’s a framework for managing security. A process. Set of Documentation. Set of controls. Working out how much acceptable risk What risk are you exposed to Which are greater than the accpectablerisck What controls do you need to manage- taken from annex A Deploy the controls in an auditable way- constantly approve Compliance- testing Governance Risk Complaince- testing to make sure your controls It Scales
  27. Control and governance; what should be the basis of your Cloud Data Best Practice Policy- ENISA
  28. ·          Investigating availability guarantees and penalties and examining your supplier’s disaster recovery strategy Important- they do what they say the do The bar to what you set that at needs to be relevant to what you have already- BASELINE!!! Realistic expectation Based on the data you’re going to outsource Look at historical performance- not a predictor for the future- but relevant Look at their DR strategy- if you have 2 data centres- that should be the expectation Map your requirements to the provider
  29. ·          Data compliance; the importance of clarifying where your data will be stored and who will have access to your information Jurisdiction EU/ Patriot / RIPA / Safe Harbour
  30. ·          Ultimately, who has control over your data? When you save your data- need to understand Look at service providers to the same extent MBTF- encryption look at service providers Cloud should be architected differently People shouldn’t be fooled by “cloud” technology See behind the fog Often it’s really hard because of the opaqueness   Integretity of Data Critical End to end vs middleware Designed to hook together  Managing service provider obligations Asses the risk- make sure the risk you’re willing to accept is related in the SLA Review- annually? Any deviation look for recompense or additional controls Blunt instrument Make sure compliance and information governance are involved early on in the process of negotiating SLA- lawyers don’t know about GRC
  31. The key is to understand your current risks- baseline them
  32. i.e. Where are we today?
  33. Users Applications File shares Email Document management
  34. Sysadmins User based access Server access Database access
  35. Others: Internet VPN Extranet Customer/Partner portals API’s Suppliers Telco’s Tape warehousing Backup delivery personnel
  36. Ends up in a Permissions Nightmare- or a brittle infrastructure
  37. How are we managing those risks today?
  38. Are you given the budget / skills to do it?
  39. “Quiscustodietipsoscustodes?”Who will guard the guards themselves?DecimusIuniusIuvenalis
  40. Cloud can be a way to become a guard’s guard, instead of the guard
  41. Reasons to go Cloud Security
  42. Reason to go Cloud security #1 It’s their business- and their reputation depends on it
  43. #2 Money - they are held financially responsible
  44. Reason #3 Scale- Cloud platforms have scale that customers could never achieve on their own- protecting against large scale attacks
  45. Reason #4 Specialised Skills- employ specific people to do specialised job. Cumulative effect of multiple customers
  46. Cumulative effect of multiple customers
  47. Best Practice embedded in organisation and distributed. Not dependent on one person
  48. Not just about competence and budget- but focus. It’s all they do.
  49. Cloud can be a way to become a guard’s guard, instead of the guard
  50. Buyer Beware- http://en.wikipedia.org/wiki/Caveat_emptorUnder the doctrine of caveat emptor, the buyer could not recover from the seller for defects on the property that rendered the property unfit for ordinary purposes. The only exception was if the seller actively concealed latent defects or otherwise made material misrepresentations amounting to fraud.Before statutory law, the buyer had no warranty of the quality of goods. In many jurisdictions now, the law requires that goods must be of "merchantable quality". However, this implied warranty can be difficult to enforce and may not apply to all products. Hence, buyers are still advised to be cautious.
  51. But make it proportional to risk- especially to CURRENT RISKS