Peter Coffee Open Group Cloud Security Debate Seattle 2010/02/03

907 views
870 views

Published on

The case for the securability of the cloud, especially in the context of (i) existing state of (in)security in the on-premise data center and (ii) value of added information leverage, even versus worst-case assessment of added risk, for information assets in cloud environments

Published in: Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
907
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
38
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Peter Coffee Open Group Cloud Security Debate Seattle 2010/02/03

  1. 1. Yes, Clouds Can Be Secure Peter Coffee Director of Platform Research salesforce.com
  2. 2. Safe Harbor Statement “Safe harbor” statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward- looking statements including but not limited to statements concerning the potential market for our existing service offerings and future offerings. All of our forward looking statements involve risks, uncertainties and assumptions. If any such risks or uncertainties materialize or if any of the assumptions proves incorrect, our results could differ materially from the results expressed or implied by the forward-looking statements we make. The risks and uncertainties referred to above include - but are not limited to - risks associated with possible fluctuations in our operating results and cash flows, rate of growth and anticipated revenue run rate, errors, interruptions or delays in our service or our Web hosting, our new business model, our history of operating losses, the possibility that we will not remain profitable, breach of our security measures, the emerging market in which we operate, our relatively limited operating history, our ability to hire, retain and motivate our employees and manage our growth, competition, our ability to continue to release and gain customer acceptance of new and improved versions of our service, customer and partner acceptance of the AppExchange, successful customer deployment and utilization of our services, unanticipated changes in our effective tax rate, fluctuations in the number of shares outstanding, the price of such shares, foreign currency exchange rates and interest rates. Further information on these and other factors that could affect our financial results is included in reports on Forms 10-K, 10-Q and 8-K and in other filings we make with the Securities and Exchange Commission from time to time. These documents are available in the SEC Filings section under Investor Information at www.salesforce.com/investor. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements, except as required by law.
  3. 3. What is “secure”?
  4. 4. The Nouns and Verbs of Security Preserve integrity, availability & access Permit authentication and authorization Assure confidentiality & control Promote awareness and accountability Perform inspection; maintain protection; afford detection; enable reaction; build on reflection
  5. 5. The Nouns and Verbs of Security Preserve integrity, availability & access Permit authentication and authorization Assure confidentiality & control Promote awareness and accountability Perform inspection; maintain protection; afford detection; enable reaction; build on reflection
  6. 6. The Nouns and Verbs of Security If all you want is data protection, put it on tape and store it in a Kansas cavern The point of security is to maximize the risk-adjusted value of the asset: money in a bank, not under a mattress Infosec is therefore a process, not a product; a mode of travel, not a destination
  7. 7. “Secure” against what?
  8. 8. “Who” Matters So Much More than “Where” "There are five common factors that lead to the compromise of database information": • ignorance • poor password management • rampant account sharing • unfettered access to data • excessive portability of data DarkReading.com, October 2009
  9. 9. Clouds Can Be Usefully Secure
  10. 10. Single-Tenant vs. Multi-Tenant Clouds Shared infrastructure Other apps App 2 App 1 App Server App 3 App Server Database App Server Database OS Database OS Server OS Server Storage Server Storage Network Storage Network Network Single tenancy entails creation of multiple In a multi-tenant environment, all software stacks, whether real or virtual: applications run under a common trust each layer in each stack represents a model: more manageable, more consistent, distinct opportunity for misconfiguration or more subject to rigorous scrutiny by trained other sources of security risk specialists (internal & customer)
  11. 11. Every Act an Invocation: Granular Privilege
  12. 12. Bottom-Up Design to be “Shared and Secure” Apply Data Login… Authenticate… Security Rules… View Filtered Content Password security policies Rich Sharing Rules User Profiles SSO/2-factor solutions
  13. 13. Governance: More Eyes, More Agendas Expanding legislation, regulation, mainstream mind share Rising standard of due diligence Desktop/laptop systems carry far too much “state” – More data than people actually use – Far too much data that user may easily lose – More than one version of what should be one shared truth Cloud’s Solutions: – Logical view of exactly one database – Profile definitions manage privilege sets – Activity logs precisely record actions
  14. 14. Common Controls + Customer Choices Strong Session Management Every row in the database contains an ORG_ID - Unique encoded string Session Tokens – user unique, non-predictable long random value generated for each session combined with a routing “hint” and checksum, base64 encoded Contains no user-identifiable information Session Timeout – 15 Mins to 8 Hrs Lock Sessions to IP – prevent hijacking and replay attacks SSLv3/TLS used to prevent token capture / session hijacking Session Logout – Explicitly expire and destroy the session
  15. 15. Put What You Want, Where You Want “This is process lite. It gives my business users what they want, a unique app for each sales team, fundamentally reflecting their own personality. “And yes, I get a single standard SAP integration. It’s a terrific success.” –CIO, Fortune 500 Firm Deployments Sales Sales 4 Months Distributors (Oct ’06- Feb ’07) Distributors EMEA 1 Month EMEA (Dec ’06) Inside Sales Inside Sales AFS Global 5 Months AFS Global (Dec ’06 – May ’07) Sales Sales SAP back-end FLPR Field FLPR Field 2Q07 integration Sales Sales Customized for Diverse Sales Groups
  16. 16. World-Class Defense in Depth Facility Security Network Security Platform Security • 24x365 on site security • Fault tolerant external firewall • SSL data encryption • Biometric readers, man traps • Intrusion detection systems • Optional strict password policies • Anonymous exterior • Best practices secure systems mgmt • SAS 70 Type II & SysTrust Certification • Silent alarm • 3rd party vulnerability assessments • Security certifications from Fortune 50 • CCTV financial services customers • Motion detection • May 2008: ISO 27001 Certification • N+1 infrastructure “There are some strong technical security arguments in favor of Cloud Computing… (Craig Balding, Fortune 500 security practitioner)
  17. 17. Trust is a Product of Transparency
  18. 18. How salesforce.com Achieves Trust Robust infrastructure security Rigorous operational security Granular customer controls – Role-based privilege sets – Convenient access control & audit “Sum of all fears” scrutiny and response – Multi-tenancy reduces opportunities for error – The most demanding customer sets the bar
  19. 19. Peter Coffee Director of Platform Research pcoffee@salesforce.com Next? facebook.com/peter.coffee twitter.com/petercoffee

×