Cloud Security- In Perspective

4,234 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
4,234
On SlideShare
0
From Embeds
0
Number of Embeds
2,825
Actions
Shares
0
Downloads
27
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Security
  • Security
  • Continutity
  • Archive
  • Bringing all the benefits of Google apps- horizontal scalability, reliability, etc
  • To Microsoft Exchange
  • Security
  • Security
  • From the Mimecast Cloud Adoption Survey
  • From the Mimecast Cloud Adoption Survey http://www.mimecast.com/events-press/press-releases/article/view/cloud-computing-delivering-on-its-promise-but-doubts-still-hold-back-adoption/462/
  • From the Mimecast Cloud Adoption Survey http://www.mimecast.com/events-press/press-releases/article/view/cloud-computing-delivering-on-its-promise-but-doubts-still-hold-back-adoption/462/
  • From the Mimecast Cloud Adoption Survey http://www.mimecast.com/events-press/press-releases/article/view/cloud-computing-delivering-on-its-promise-but-doubts-still-hold-back-adoption/462/
  • 2010 Gartner Hype Cycle for emerging technologies
  • 2010 Gartner Hype Cycle for emerging technologies
  • From the Mimecast Cloud Adoption Survey http://www.mimecast.com/events-press/press-releases/article/view/cloud-computing-delivering-on-its-promise-but-doubts-still-hold-back-adoption/462/
  • From the Mimecast Cloud Adoption Survey http://www.mimecast.com/events-press/press-releases/article/view/cloud-computing-delivering-on-its-promise-but-doubts-still-hold-back-adoption/462/
  • Or being blocked
  • What’s the problem?
  • Standards are only just emerging
  • Buyer Beware- http://en.wikipedia.org/wiki/Caveat_emptorUnder the doctrine of caveat emptor, the buyer could not recover from the seller for defects on the property that rendered the property unfit for ordinary purposes. The only exception was if the seller actively concealed latent defects or otherwise made material misrepresentations amounting to fraud.Before statutory law, the buyer had no warranty of the quality of goods. In many jurisdictions now, the law requires that goods must be of "merchantable quality". However, this implied warranty can be difficult to enforce and may not apply to all products. Hence, buyers are still advised to be cautious.
  • Which is why we in cloud feel like we’re being beaten up...
  • Security
  • Security is often presented as a binary object. It’s not.
  • It’s much more complex than that.
  • What is security?
  • Security is the management of risks
  • Define Acceptable risk
  • Step #6: Monitor Risks
  • Some People are unsure about Cloud Security
  • Probably because of the relative opacity of Cloud compared to the transparency of a private network and the control you can exert on it
  • The key is to understand your current risks- baseline them
  • i.e. Where are we today?
  • Users Applications File shares Email Document management
  • Sysadmins User based access Server access Database access
  • Others: Internet VPN Extranet Customer/Partner portals API’s Suppliers Telco’s Tape warehousing Backup delivery personnel
  • Permissions Nightmare
  • How are we managing those risks today?
  • Applying the 6 step process?
  • Are you given the budget / skills to do it?
  • “Quiscustodietipsoscustodes?”Who will guard the guards themselves?DecimusIuniusIuvenalis
  • Cloud can be a way to become a guard’s guard, instead of the guard
  • Reasons to go Cloud Security
  • Reason to go Cloud security #1 It’s their business- and their reputation depends on it
  • #2 Money - they are held financially responsible
  • Reason #3 Scale- Cloud platforms have scale that customers could never achieve on their own- protecting against large scale attacks
  • Reason #4 Specialised Skills- employ specific people to do specialised job. Cumulative effect of multiple customers
  • Cumulative effect of multiple customers
  • Best Practice embedded in organisation and distributed. Not dependent on one person
  • Not just about competence and budget- but focus. It’s all they do.
  • Cloud can be a way to become a guard’s guard, instead of the guard
  • Buyer Beware- http://en.wikipedia.org/wiki/Caveat_emptorUnder the doctrine of caveat emptor, the buyer could not recover from the seller for defects on the property that rendered the property unfit for ordinary purposes. The only exception was if the seller actively concealed latent defects or otherwise made material misrepresentations amounting to fraud.Before statutory law, the buyer had no warranty of the quality of goods. In many jurisdictions now, the law requires that goods must be of "merchantable quality". However, this implied warranty can be difficult to enforce and may not apply to all products. Hence, buyers are still advised to be cautious.
  • But make it proportional to risk- especially to CURRENT RISKS
  • Security
  • Cloud Security- In Perspective

    1. 1. Cloud Security- Is my data safe?<br />Justin Pirie<br />@justinpirie<br />blog.mimecast.com<br />jpirie@mimecast.com<br />CMA- London<br />September 29th2010<br />matthewbradley<br />
    2. 2. Analyst Blogger<br />
    3. 3. Community Manager<br />
    4. 4. Social Media Influence<br />
    5. 5. Where I work<br />
    6. 6. Cloud Services for Microsoft Exchange<br />tipiro<br />
    7. 7. Cloud Wrapper<br />
    8. 8. Email Security<br />matthewbradley<br />
    9. 9. Email Continuity<br />neilalderney123<br />
    10. 10. Email Archive<br />dolescum<br />
    11. 11. Benefits of Google Apps<br />
    12. 12. For Microsoft Exchange<br />
    13. 13. What do users get?<br />minifig<br />
    14. 14. Unlimited Storage<br />mescon<br />
    15. 15. Fast Search<br />Ronan_C<br />
    16. 16. Uptime<br />szeke<br />
    17. 17. Over 500,000 users can’t be wrong!<br />
    18. 18. Cloud Security- Is my data safe?<br />matthewbradley<br />
    19. 19. Today’s Presentation<br />iSlime<br />
    20. 20. Area I normally specialise in...<br />massdistraction<br />
    21. 21. James Blake<br />Barry Gill<br />Cloud Security Experts<br />matthewbradley<br />
    22. 22. James Blake- CISO<br />flik<br />
    23. 23. Barry Gill...<br />bowbrick<br />
    24. 24. Can’t walk...<br />Badly Drawn Dad<br />
    25. 25. Stuck with me<br />Pixzamillion<br />
    26. 26. Cloud Landscape<br />zoutedrop<br />
    27. 27. Lets have some data<br />bionicteaching<br />
    28. 28. To Understand<br />russelldavies<br />
    29. 29. US Cloud Adoption<br />2009 = 36%<br />
    30. 30. US Cloud Adoption<br />2010 = 56%<br />
    31. 31. US Businesses Considering Adopting<br />70%<br />
    32. 32. UK lags behind US attitudes<br />6%<br />
    33. 33. 2010 Hype Cycle<br />
    34. 34. 2010 Hype Cycle<br />
    35. 35. Grand Canyon between adopters<br />James Marvin Phelps (mandj98)<br />
    36. 36. Adopters: Cloud Improved Security<br />57%<br />
    37. 37. Non Adopters: Cloud = Security Risk<br />62%<br />
    38. 38. Where is the gap?<br />massdistraction<br />
    39. 39. Blocking Cloud Initiatives<br />dmoola<br />
    40. 40. What’s the problem?<br />aturkus<br />
    41. 41. Cloud is embryonic<br />viralbus<br />
    42. 42. Standards just emerging<br />mayakamina<br />
    43. 43. So.... Caveat Emptor<br /> jeffc5000<br />
    44. 44. And why it sometimes feels like this...<br />gxdoyle<br />
    45. 45. Change Direction<br />Paul Wicks<br />
    46. 46. James Blake<br />Barry Gill<br />Security<br />matthewbradley<br />
    47. 47. Presented as Binary<br />MarkOMeara<br />
    48. 48. Reality...<br />cdw9<br />
    49. 49. Ask an InfoSec pro<br />thomasglobal<br />
    50. 50. What is Security?<br />Thomas Hawk<br />
    51. 51. Management of Risk<br />kyz<br />
    52. 52. Too easily think of hardware<br />stars6 / Leonardo Rizzi<br />
    53. 53. Step #1: Define Acceptable Risks<br />tnarik<br />
    54. 54. Step #2: Assess your Risks<br />Eneas<br />
    55. 55. Step #3: Mitigate Risks<br />get down<br />
    56. 56. Step #4: Transfer Risks<br />Brandon Christopher Warren<br />
    57. 57. Step #5: Accept Risks<br />dhammza<br />
    58. 58. Step #6: Monitor / Audit<br />Boyce Duprey<br />
    59. 59. Unsure about Cloud Security?<br />jessicafm<br />
    60. 60. Cloud Security is Opaque<br />Andrew Coulter Enright<br />
    61. 61. Compared to your tin<br />stars6 / Leonardo Rizzi<br />
    62. 62. Baseline Current Risks<br />Chuck “Caveman” Coker<br />
    63. 63. i.e. Where are we today?<br />Chris D 2006<br />
    64. 64. Trusting Users....<br />Thai Jasmine (Take good care :-))<br />
    65. 65. And Sysadmins....<br />leftcase<br />
    66. 66. Others...<br />Tambako the Jaguar<br />
    67. 67. Permissions Nightmare<br />marimoon<br />
    68. 68. Managing those risks?<br />Patrick Q<br />
    69. 69. 6 Steps?<br />bitchcakesny<br />
    70. 70. Is expensive<br />jo'nas<br />
    71. 71. Got the budget?<br />The Prime Minister's Office<br />
    72. 72. “Quiscustodiet<br />ipsoscustodes?”<br />
    73. 73. Cloud: Guards Guard<br />
    74. 74. Cloud Security?<br />matt.hintsa<br />
    75. 75. #1. It’s their Business<br />Esthr<br />
    76. 76. #2. Financially Responsible<br />wwarby<br />
    77. 77. #3. Scale<br />laffy4k<br />
    78. 78. #4. Specialised Skills<br />SarahMcDॐ<br />
    79. 79. #5. Cumulative Effect of Multiple Customers<br />Leo Reynolds<br />
    80. 80. #6. Best Practice: Embedded, Distributed <br />Lars Plougmann<br />
    81. 81. #7. Focus<br />Chris Campbell<br />
    82. 82. Want to be the Guards Guard?<br />
    83. 83. Remember: Caveat Emptor<br /> jeffc5000<br />
    84. 84. But proportional to Risk<br />gxdoyle<br />
    85. 85. Any Questions?<br />Justin Pirie<br />@justinpirie<br />blog.mimecast.com<br />jpirie@mimecast.com<br />matthewbradley<br />

    ×