1. Cloud Security- Is my data safe? | Justin Pirie | @justinpirie | blog.mimecast.com | jpirie@mimecast.com | CMA- London | September 29th 2010 | matthewbradley
2. Analyst Blogger
3. Community Manager
4. Social Media Influence
5. Where I work
6. Cloud Services for Microsoft Exchange | tipiro
7. Cloud Wrapper
8. Email Security | matthewbradley
9. Email Continuity | neilalderney123
10. Email Archive | dolescum
11. Benefits of Google Apps
12. For Microsoft Exchange
13. What do users get? | minifig
14. Unlimited Storage | mescon
15. Fast Search | Ronan_C
16. Uptime | szeke
17. Over 500,000 users can’t be wrong!
18. Cloud Security- Is my data safe? | matthewbradley
19. Today’s Presentation | iSlime
20. Area I normally specialise in... | massdistraction
21. James Blake | Barry Gill | Cloud Security Experts | matthewbradley
22. James Blake- CISO | flik
23. Barry Gill... | bowbrick
24. Can’t walk... | Badly Drawn Dad
25. Stuck with me | Pixzamillion
26. Cloud Landscape | zoutedrop
27. Let’s have some data | bionicteaching
28. To Understand | russelldavies
29. US Cloud Adoption | 2009 = 36%
30. US Cloud Adoption | 2010 = 56%
31. US Businesses Considering Adopting | 70%
32. UK lags behind US attitudes | 6%
33. 2010 Hype Cycle
34. 2010 Hype Cycle
35. Grand Canyon between adopters | James Marvin Phelps (mandj98)
36. Adopters: Cloud Improved Security | 57%
37. Non Adopters: Cloud = Security Risk | 62%
38. Where is the gap? | massdistraction
39. Blocking Cloud Initiatives | dmoola
40. What’s the problem? | aturkus
41. Cloud is embryonic | viralbus
42. Standards just emerging | mayakamina
43. So.... Caveat Emptor | jeffc5000
44. And why it sometimes feels like this... | gxdoyle
45. Change Direction | Paul Wicks
46. James Blake | Barry Gill | Security | matthewbradley
47. Presented as Binary | MarkOMeara
48. Reality... | cdw9
49. Ask an InfoSec pro | thomasglobal
50. What is Security? | Thomas Hawk
51. Management of Risk | kyz
52. Too easily think of hardware | stars6 / Leonardo Rizzi
53. Step #1: Define Acceptable Risks | tnarik
54. Step #2: Assess your Risks | Eneas
55. Step #3: Mitigate Risks | get down
56. Step #4: Transfer Risks | Brandon Christopher Warren
57. Step #5: Accept Risks | dhammza
58. Step #6: Monitor / Audit | Boyce Duprey
59. Unsure about Cloud Security? | jessicafm
60. Cloud Security is Opaque | Andrew Coulter Enright
61. Compared to your tin | stars6 / Leonardo Rizzi
62. Baseline Current Risks | Chuck “Caveman” Coker
63. i.e. Where are we today? | Chris D 2006
64. Trusting Users.... | Thai Jasmine (Take good care :-))
65. And Sysadmins.... | leftcase
66. Others... | Tambako the Jaguar
67. Permissions Nightmare | marimoon
68. Managing those risks? | Patrick Q
69. 6 Steps? | bitchcakesny
70. Is expensive | jo'nas
71. Got the budget? | The Prime Minister's Office
72. “Quis custodiet ipsos custodes?”
73. Cloud: Guards Guard
74. Cloud Security? | matt.hintsa
75. #1. It’s their Business | Esthr
76. #2. Financially Responsible | wwarby
77. #3. Scale | laffy4k
78. #4. Specialised Skills | SarahMcDॐ
79. #5. Cumulative Effect of Multiple Customers | Leo Reynolds
80. #6. Best Practice: Embedded, Distributed | Lars Plougmann
81. #7. Focus | Chris Campbell
82. Want to be the Guards Guard?
83. Remember: Caveat Emptor | jeffc5000
84. But proportional to Risk | gxdoyle
85. Any Questions? | Justin Pirie | @justinpirie | blog.mimecast.com | jpirie@mimecast.com | matthewbradley
Security
Continuity
Archive
Bringing all the benefits of Google apps- horizontal scalability, reliability, etc
To Microsoft Exchange
Security
From the Mimecast Cloud Adoption Survey
From the Mimecast Cloud Adoption Survey http://www.mimecast.com/events-press/press-releases/article/view/cloud-computing-delivering-on-its-promise-but-doubts-still-hold-back-adoption/462/
2010 Gartner Hype Cycle for emerging technologies
From the Mimecast Cloud Adoption Survey http://www.mimecast.com/events-press/press-releases/article/view/cloud-computing-delivering-on-its-promise-but-doubts-still-hold-back-adoption/462/
Or being blocked
What’s the problem?
Standards are only just emerging
Buyer Beware- http://en.wikipedia.org/wiki/Caveat_emptor
Under the doctrine of caveat emptor, the buyer could not recover from the seller for defects on the property that rendered the property unfit for ordinary purposes. The only exception was if the seller actively concealed latent defects or otherwise made material misrepresentations amounting to fraud. Before statutory law, the buyer had no warranty of the quality of goods. In many jurisdictions now, the law requires that goods must be of "merchantable quality". However, this implied warranty can be difficult to enforce and may not apply to all products. Hence, buyers are still advised to be cautious.
Which is why we in cloud feel like we’re being beaten up...
Security
Security is often presented as a binary object. It’s not.
It’s much more complex than that.
What is security?
Security is the management of risks
Define Acceptable risk
Step #6: Monitor Risks
Some People are unsure about Cloud Security
Probably because of the relative opacity of Cloud compared to the transparency of a private network and the control you can exert on it
The key is to understand your current risks- baseline them
i.e. Where are we today?
Users: Applications, File shares, Email, Document management
Sysadmins: User based access, Server access, Database access
Others: Internet, VPN, Extranet, Customer/Partner portals, APIs, Suppliers, Telcos, Tape warehousing, Backup delivery personnel
Permissions Nightmare
How are we managing those risks today?
Applying the 6 step process?
Are you given the budget / skills to do it?
“Quis custodiet ipsos custodes?” Who will guard the guards themselves? Decimus Iunius Iuvenalis
Cloud can be a way to become a guard’s guard, instead of the guard
Reasons to go Cloud Security
Reason to go Cloud security #1 It’s their business- and their reputation depends on it
#2 Money - they are held financially responsible
Reason #3 Scale- Cloud platforms have scale that customers could never achieve on their own- protecting against large scale attacks
Reason #4 Specialised Skills- employ specific people to do a specialised job.
Reason #5 Cumulative effect of multiple customers
Best Practice embedded in organisation and distributed. Not dependent on one person
Not just about competence and budget- but focus. It’s all they do.
Cloud can be a way to become a guard’s guard, instead of the guard
Buyer Beware- http://en.wikipedia.org/wiki/Caveat_emptor
But make it proportional to risk- especially to CURRENT RISKS
Security