Harald Leitenmüller, CTO, Microsoft Österreich: Trustworthy Cloud - TiC Keynote
Executive Briefing in Graz on 29 April on the topic: "This is how secure the cloud is! Data protection and security in the Microsoft Cloud"
1. 15:32
Monday, 30 March 2015
Trustworthy Cloud
Harald Leitenmüller
CTO
Microsoft Österreich GmbH.
3. Delivering cloud-scale services requires a radical restructuring of technology, processes and people

Aspect | Enterprise IT | Cloud-Scale
Seats | 10,000 | 1,000,000,000
Talent | Custodians | Designers
Data Quality | Directional | Foundational
Data Access | Pull | Push
Assessment | Physical | Statistical
Supply Chain | Process | Strategic
Budget | Fixed Cost | Rates
Architecture | Silo'd | Integrated
Application integration | Loose | Tight
Infrastructure | Overhead | Enabler
Reach | Regional | Global

Aspect | Enterprise IT | Cloud-Scale
Hardware | Custom | Commodity
Deployment | Manual | Automated
Availability | Infrastructure | Service
Operability | MTBF | MTTR
Reliability | Hardware | Software
Security | Audit | Intrinsic
Network downtime | Impacting | Irrelevant
Network availability | 99.999% | 99.9%
Design | Primary/Backup | Active/Active
Deployment time | Weeks | Minutes
System admin | UI | API
4. Evolution of the Cloud Paradigm
[Diagram: "Evolutionary Paradigm" timeline with axis marks 1995, 2000, 2005, 2010, 2020. Labels: Classic IT Arch; Client Server; Data Center; Modern DC; On Premises; Cloud; Public Cloud; PubC HVS; PubC Sectorial; Hybrid Cloud; Beginning of Lifecycle.]
HVS: high volume service
5. ISO 27018
A Standard for Privacy in the Cloud
6 Key principles for cloud service providers
   1. Must not use data for advertising or marketing unless express consent is obtained
   2. Must be transparent about where data is stored and how it is handled
   3. Must provide customers with control over how their data is used
   4. Must notify customers of their policy on return and deletion of customer data
   5. Must communicate to customers a breach that affects personal data
   6. Can have services independently audited to document compliance
10. Business Strategy
Context
Options
Benefits Case
External Compliance
Internal Policy & Architecture
Service Documentation
Independent Verification
Contract Terms
Risk Event
Catalogue
Threat Models
Handbook: Assuring the Security of Cloud Services
http://bit.ly/19HD69L