Martine Lapierre - Security in Cloud computing: sharing more than resources


Published on

Martine Lapierre - Security in Cloud computing: sharing more than resources

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Martine Lapierre - Security in Cloud computing: sharing more than resources

  1. 1. Security in Cloud computing:sharing more than resourcesMartine Lapierre, THALES DSC, Technical Director23-27 November 2009
  2. 2. Growing need of IaaS - Cloud would help: Smart Environment Smart cities Smart transport Smart energy healthcare monitoringCloud computing implies loss of controlChoices of cloud offering Private based on: Hybrid– reputation to ensure Public protection and confidentiality– ability of the cloud provider to prove that there is ‘no’ loss of control
  3. 3. eHealth cloud example Data processing Journalisation of acts must satisfy (legal proof), Dedicated network infra European data Journalisation of protectionMonitoring Iaas Health (cyber defense Iaas access traces) Patients center Private cloud Sensitive data Network should be transactions destroyed at a Make encryption, Is available to timeavailable to specified Doctors, IsData storage available to nurses protection/ Medical content data Data should not External eHealth driven leave the original service providers security country of collection at any– Satisfy strict regulatory requirements time– Very sensitive to negative public perception
  4. 4. Customer’s view on securityAre my data secure in the Cloud ? Who can access the data ? Can I access my data at any time ? What is the SLA ? Can I stop my contract at any time ? (reversibility)Can I comply with laws and regulation ? Where are my data ? What about if disclosure ? How long are my data kept if I ask for suppression ? How is managed the requisition process ?Who is responsible? Loss of control while maintaining accountability even if operational responsibility falls upon 3rd parties In case of failure in services outsourced to the cloud, the customer cannot meet his duty to his own customers and is exposed to liability
  5. 5. Legal and regulatory challenges Understand the consequences of decoupling data from infrastructure. Regulation of cross-border data flows cloud providers operate datacenters in multiple locations and transfer data among them. Coherent regulations on privacy, data retention EU member states have divergent views as to whether cloud providers need to retain data and for how long. Enhance criminal enforcement of crimes Aggregation of data in cloud data centers are attractive targets for hackers. Incident response. Compliant storage certification Interoperability standards in cloud
  6. 6. Security challengesQuality of service guaranties Multi-tenancy issues and isolationCertification and Insecure interfaces in federation accreditation contextCompliance to regulations Data protectionID management, RBAC Cloud infrastructure protectionLogging, audit Portability, reversibility From Randy Marchany
  7. 7. THANK YOU!ICSOC-ServiceWave 2009