Identity privacy and data protection in the cloud – what is being done is it enough goal capgemini m skilton v1

“Identity, Privacy, and Data Protection in the Cloud – What is Being Done? Is it Enough?” GOAL Global Outsourcing Lawyers Conference. Capgemini, Mark Skilton

Published in: Technology


  1. Mark Skilton, Director, Strategy Office, Global Infrastructure Services; Co-Chair, Cloud Computing Work Group, The Open Group; Member, ISO JC38 UK Mirror. +44 7787 692197, mark.skilton@capgemini.com, Twitter @mskilton, http://uk.linkedin.com/pub/mark-skilton/1/189/968
     “Identity, Privacy, and Data Protection in the Cloud – What is Being Done? Is it Enough?”
  2. | Capgemini & Cloud
     Trust and Risk Trade-off
     • In the Cloud everything is perceived as untrusted and insecure
     • Many enterprises have company policies requiring data and access to be stored behind the corporate firewall; transport between geographies is not allowed
     • Industrial certifications require physical isolation, audit and authentication processes
     Diagram labels: Trust? Internal Private Hybrid Public; Physical Resources/locations; Edge; Span of Insource & Outsource; Span of Technology
  3. What’s being done to Secure Cloud…
     Diagram text: Move data between SQL and nonSQL databases DBMS Server Legal Issues IP Patent Law – Independence of software on device and OS Bundling Legal Definition of an API e.g. Google API, MSFT API US / EU Patriot, Safe Harbor, DA rules Cultural Impact Provisioning Policy Management Amazon gets FISMA certification EU Open Data portal Open Data standards W3C EU inter-country data Use of Public APIs e.g. Google+ Twitter APIs Use of APIs / personal Data Protection TLS, SSL Transport Layer end to end Pass through Threats Hypervisor IOP e.g. Citrix and AWS Device IOP e.g. User Experience and UI e.g. iPad, Samsung e.g. Microsoft OS 8 – tablet IOP EU announce common Data Portal Vertical Sector B2B Schemas Vendor Technology Standards seeking Openness e.g. DMTF, ODCA, OMG CCSC Illustrative ISA Chip standards Database Scalability & Portability Hypervisor Portability & Hypervisor Interoperating Hybrid Device from service abstraction Government led Legal certifications Vertical industry Government led Standard schemas Network transport issues Choices, NSPs, ISPs API openness and ownership Multi-form factor supportability Apps, content stores access Personal/vendor Portability Market / Region Provider / Entity Network API / Gateway / Portal Device / Browser OS Server Storage Software Application Data / Payload Hypervisor Business Process DC Hosting Public Cloud Hosted Private Cloud Hosted Open Source Cloud Hosted Legal & Security Industry Nomenclatures Deployment strategies Common Industry standards Vertical Industry standards e.g. Oracle, IBM e.g. Amazon & Others e.g. OpenNebula Technology and Business tiers Provisioning Policies Inter-country data exchange Multi-form factor data portability Service IP component bundling Application environment Portability Storage as a Service Compute as a Service Applications as a Service Desktop as a Service Big Data as a Service Move application OpenStack, CloudStack Shifts B2B / B2C Platforms Device Store Services Social Networks, C2C Policy Areas
     The Open Group – Cloud Computing Interoperability Portability Project 2012. Examples of some Legal activity in last 12-24 months. EU announce Data Privacy Controls
  4. How can we get control of Identity, Privacy, and Data Protection in the Cloud?
     Extensible Boundaries. From Introduction to CIEL – CILE Project – an Open Group project, Work in Progress. Copyright SyntheticSpheres 2012
     • Identity – Is this controlled by User Device, or by you in your Cloud Server, or a Proxy Service e.g. OpenID?
     • Privacy – What Boundary Conditions are acceptable to you? Do you want Closed, Secure Cloud? Do you want Distributed Secure Cloud? Do you want Regional/Local Controls? Do you want guarantees? What Legal Jurisdiction do you follow?
     • Data Protection – Data at Rest: Encryption, IP Control. Data in Transit: Encryption, Monitoring. Data Age: Archive and Audit Control. What Legal Jurisdiction do you follow?
     Diagram labels: Provider Consumer Policy Management Boundary Policy Management Legal Contract Back to Back control
  5. Brewer’s Theorem
     “It is impossible for a distributed computer system to simultaneously provide all three of the following guarantees: Consistency, Availability and Partitioning Tolerance”.
     Diagram labels: Consistency Availability Partition Tolerance Guaranteed C A P Effectiveness Fidelity G P F Consistency Availability Partitioning Tolerance Guaranteed Fidelity Performance
     (Reference: Brewer Conjecture 2000; Gilbert, Lynch Formal Proof 2002) “Brewer’s Conjecture and the feasibility of consistent, available, partition-tolerant web services”, ACM SIGACT News, Vol 33 Issue 2 (2002) pg 51-59, http://lpd.epfl.ch/sgilbert/pubs/BrewersConjecture-SigAct.pdf
  6. The Case for Service Orchestration - managing your Security and Risk
     Consistency and Guarantees
     • Strong Multi-Systems Management – Single Accountabilities
     • Control Failure Points in system – Strong Identity, Encryption Policies and Tools to manage Usage and Audit Compliance.
     Availability and Effectiveness
     • Multi-Source – open technology capabilities
     • Business Process Orchestration – Drive Business Performance Outcomes Metrics
     Partition Tolerance and Fidelity
     • Introduce and manage disciplined portfolio of IT and Business assets inside and outside the organization in a way that best serves the needs of consumers and providers. Govern Configuration
     • Preserve your elasticity - within “acceptable conditions of use” – know the tolerance levels that are within the distributed system.
     Diagram labels: Consistency Availability Partition Tolerance Guaranteed C A P Effectiveness Fidelity G P F Management Orchestration Resource Management Template Contiguity Source Access Systems Management Process Orchestration
