Cloud Security: Trust and Transformation

Common concerns regarding cloud security are increasingly being recognized as speculative cases, compared to the reality of how IT governance often fails in traditional on-premise environments: failure modes that the cloud model greatly offsets.

Published in: Technology, News & Politics

  • Granular, governable and auditable privilege assignment elevates security in the cloud above what’s achieved in legacy environments
  • When you design from Day 1 for massive sharing, you build in a representation of data ownership from the bottom up instead of trying to construct a perimeter
  • Regulations often fail to reflect the state of technology and the current understanding of best practices, but governments still…govern
  • What security or similar certifications do you have? (e.g. FIPS, SAS-70, PCI)

    1. Trust and Transformation: The Compelling Case for the Cloud. Peter Coffee, VP / Head of Platform Research, salesforce.com inc.
    2. Public Clouds of Public Trust: The End of ‘Forbidden Zones’. General Government; Economic Development; Health & Human Services; Defense & Public Safety; Transportation; Science & Environment; Political Campaigns & Advocacy; Culture & Education.
    3. Cloud Objections Are Being Addressed. Security: American Bankers Association blog says an enterprise should “verify that any outsourcing partner meets its standards. However, once verified, a cloud partner can actually provide greater security.” Capacity / Availability: – Overall service portfolio routinely exceeds 600M transactions/day – Availability routinely > four 9s, converging on 24 × 365 operations. Compliance: United States’ National Institute of Standards and Technology says cloud-resident data “can be more available, faster to restore, and more reliable… [and] less of a risk than having data dispersed on portable computers or removable media.”
    4. Best Practices Matter More than Data Location. "There are five common factors that lead to the compromise of database information": • ignorance • poor password management • rampant account sharing • unfettered access to data • excessive portability of data (DarkReading.com, October 2009)
    5. Trusted Advisors Recommend the Cloud. Potential benefits from transitioning to a public cloud computing environment: • Staff Specialization • Platform Strength • Resource Availability • Backup and Recovery • Mobile Endpoints • Data Concentration
    6. Force.com was designed from Line 1… …to be “Shared and Secure”. Login… Authenticate… Apply Data Security Rules… View Filtered Content. Password security policies; Rich Sharing Rules; User Profiles; SSO/2-factor solutions.
    7. Granular Privilege Assignment + Expanding Ecosystem of Management Tools
    8. All Assets Secured, All the Time. Despite resource sharing, multitenancy will often improve security. Most current enterprise security models are perimeter-based, making you vulnerable to inside attacks. Multitenant services secure all assets at all times, since those within the main perimeter are all different clients… Multitenancy is here to stay. Our research and analysis indicates that multitenancy is not a less secure model — quite the opposite!
    9. Data Stewardship is a Practice, not a Technology. • Data protection regulations – Where can it be stored? – Who’s allowed to see it? • Peel the onion of ‘compliance’ – Anonymize/encrypt/partition specific fields – Cloud disciplines can enhance auditability: role-based privilege assignment; actions taken using granted privileges • Looking beyond the FUD – USA PATRIOT Act sometimes causes concern about powers of US government to access data – Limited to information-gathering related to matters of urgent national security – Use of USA PATRIOT Act requires involvement by all three branches of the US government – Many other countries, including in Europe, have very similar powers
    10. Trust is Earned by Transparency
    11. Continued Availability Improvement. Spring ‘11, Summer ‘11, Winter ‘12. Winter ’12 release: downtime reduced to 2 hours. “Great work reducing the pain of the quarterly upgrade so dramatically. urtheror difference to of maintenance downtime in downtime and The reduction our overstated.” 2 3 hours can’t be business between 2 or 3 minutes of FY13
    12. Becoming ‘Securely Social’. • What is the organization’s mission? • What information supports that mission? • Where does it originate? • Who holds it? • Who can see it? • What events change it? • When is that important? • How do people know? • How can people act? • These are not new questions: NSA IAM introduced 2004
    13. Trust is Essential Enabler for Cloud Adoption. • Robust infrastructure security • Rigorous operational security • Granular customer controls – Role-based privilege sets – Convenient access control & audit • “Sum of all fears” superset protection – Multi-tenancy reduces opportunities for error – The most demanding customer sets the bar – FISMA: FIPS 199 LOW and MODERATE – PCI DSS Compliance Level 1 – Comprehensive and continuing audit and certification
    14. Peter Coffee, VP / Head of Platform Research. pcoffee@salesforce.com, facebook.com/peter.coffee, twitter.com/petercoffee, cloudblog.salesforce.com
