N-tier architecture versus protecting the data. Low/Medium/High confidentiality: it is important to understand these concepts. What else can you do with the data to protect it? SIEM (compliance monitoring / provider assurance): you just missed it; you should come to the previous session. Ian: ask what's happening in BMW for Data Classification and SIEM.
Different access types
- Customer Data Access
The customer typically accesses data in the cloud through an application which provides a service around the data. The customer will typically come from an uncontrollable external network, generalized as the Internet. The access goes through a traditional DMZ architecture with an outer firewall and a reverse proxy that enforces user authentication and applies access control for the requested application.
- Staff Data Access
Staff members will access their resources in the cloud through their enterprise firewall or virtual private network (VPN) connection to an access gateway, which ensures the user is coming from an identified organization (the cloud subscriber). Staff members will perform admin tasks as well as use applications running in the cloud. Their roles and accessible resources will be controlled by an access control or policy server similar to the one controlling the access of the customers (i.e., from a cloud provider's point of view, these are all customers).
- Sysadmin Data Access
The SysAdmin has OS-level access to the cloud provider's servers and is under control of an admin gateway that limits access to the systems the admin is entitled to. The admin gateway can be implemented as a function on each server which enforces role-based access control at the OS level (e.g., PowerBroker). Figure 6 illustrates the SysAdmin access path to data. The SysAdmin has access to all servers at the OS level and always accesses data directly, as he has no application entitlements.
- Application Data Access
Things to think about here include whether you need MASSL (mutual-authentication SSL) for authentication, account credentials, etc. See the Identity Management usage models.
Data Sovereignty: In .AU there is lots of talk of it, but no real impact as yet, as people aren't using public cloud for highly sensitive services. I hear Data Sovereignty is a problem in Europe; how do you see this affecting cloud adoption in this area?
ODCA UM: SECURITY DATA PROTECTION
Matt Lowth (NAB)
Ian Lamont (BMW)
AGENDA
Topic: Cloud Data Security
- Usage Scenarios
- Data Security Challenges
- Data Security Lifecycle
Discuss / Learning: learnings and take-aways from this UM
ODCA Data Security 2013
TOPIC & UM BACKGROUND
The ODCA Contributor organizations have created this Usage Model to collaboratively identify ways in which they agree cloud data security should be managed, so as to provide this as a clear message to the Cloud and Solution Providers, and to share with the general public.
The Data Security UM addresses:
1. Concept
2. Important enabling elements
3. Usage Scenarios
4. Categorization of service qualities in context of the UM
UM CORE – KEY ELEMENTS
Data Security Challenges: a different security methodology. Protecting the data versus protecting your perimeter?
Data Classification: it is important to understand what you're protecting.
Data encryption & masking: options to lower the sensitivity of the data by masking or encrypting it.
SIEM: ensure access to and management of your data is logged and monitored.
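The three enabling elements above (classification, masking/encryption, SIEM) and the "understand your data" take-away later in this deck, carried through as an added worked example written for this page; it is not ODCA's or the presenters' code. The policy is the editor's assumption, not something the UM prescribes: a field labelled Low passes through unchanged, Medium is replaced by a deterministic HMAC token (the cloud application can still join and search on it but cannot recover the value), High is encrypted with AES-GCM, and both keys stay with the cloud subscriber. The field names, record contents and keys are constructed; every transform emits an audit line of the kind a SIEM would ingest, and a field with no classification is refused rather than exported.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Level is the Low/Medium/High confidentiality classification from the talk.
type Level string
const (
	Low    Level = "Low"
	Medium Level = "Medium"
	High   Level = "High"
)

// Classification is the data owner's per-field label (constructed example data; assumed policy).
var Classification = map[string]Level{"customer_id": Low, "email": Medium, "passport_no": High}

// Protector applies each field's required transform before a record leaves the subscriber for the cloud.
type Protector struct {
	tokenKey []byte      // HMAC key for deterministic tokens (Medium); stays with the subscriber
	aead     cipher.AEAD // AES-GCM for reversible encryption (High); key stays with the subscriber
	Audit    []string    // access/management events for the SIEM to ingest
}

func NewProtector(tokenKey, encKey []byte) (*Protector, error) {
	block, err := aes.NewCipher(encKey) // encKey: 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Protector{tokenKey: tokenKey, aead: aead}, err
}

// Protect returns the form of value that may be stored in the cloud.
func (p *Protector) Protect(field, value string, lvl Level) (string, error) {
	var out string
	switch lvl {
	case Low:
		out = value
	case Medium: // deterministic token: still joinable/searchable, not reversible
		mac := hmac.New(sha256.New, p.tokenKey)
		mac.Write([]byte(field + ":" + value)) // field name mixed in
		out = "tok_" + hex.EncodeToString(mac.Sum(nil))[:32]
	case High: // randomized AES-GCM: nonce || ciphertext || tag, field name as AAD
		nonce := make([]byte, p.aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return "", err
		}
		out = "enc_" + hex.EncodeToString(p.aead.Seal(nonce, nonce, []byte(value), []byte(field)))
	default:
		return "", fmt.Errorf("field %q: unknown level %q", field, lvl)
	}
	p.Audit = append(p.Audit, fmt.Sprintf("action=protect field=%s level=%s", field, lvl))
	return out, nil
}

// Unprotect reverses High-level encryption on the subscriber side (tokens are one-way); it fails on a wrong key, tampering, or a ciphertext moved to another field (AAD).
func (p *Protector) Unprotect(field, stored string) (string, error) {
	raw, err := hex.DecodeString(strings.TrimPrefix(stored, "enc_"))
	if ns := p.aead.NonceSize(); err != nil || len(raw) < ns+p.aead.Overhead() {
		return "", fmt.Errorf("field %q: not a well-formed encrypted value", field)
	} else if pt, err := p.aead.Open(nil, raw[:ns], raw[ns:], []byte(field)); err == nil {
		p.Audit = append(p.Audit, fmt.Sprintf("action=unprotect field=%s level=High", field))
		return string(pt), nil
	}
	return "", fmt.Errorf("field %q: decryption failed", field)
}

// ProtectRecord transforms every field per Classification and fails closed on a field with no label: data of unknown sensitivity is not exported.
func ProtectRecord(p *Protector, rec map[string]string) (map[string]string, error) {
	out := make(map[string]string, len(rec))
	var err error
	for field, value := range rec {
		lvl, ok := Classification[field]
		if !ok {
			return nil, fmt.Errorf("field %q has no classification; refusing to export", field)
		}
		if out[field], err = p.Protect(field, value, lvl); err != nil {
			return nil, err
		}
	}
	return out, nil
}
func main() { // constructed keys and record, for demonstration only
	p, err := NewProtector([]byte("demo-token-key"), []byte("0123456789abcdef0123456789abcdef"))
	if err != nil {
		panic(err)
	}
	fmt.Println(ProtectRecord(p, map[string]string{"customer_id": "C-1001", "email": "ann@example.com", "passport_no": "N12345678"}))
	fmt.Println(strings.Join(p.Audit, "\n"))
}
```

The choice between a token and a ciphertext is the masking-versus-encryption decision the slide lists: the token lowers the sensitivity of what the provider holds (it is not reversible, even with the provider's help), whereas the ciphertext keeps the value recoverable but only by whoever holds the key. The field name is bound into both forms so that a value cannot be silently relabelled as a less sensitive field, and the audit slice is what you would ship to the SIEM to monitor who transformed and recovered what.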
DATA SECURITY – USAGE SCENARIOS
Transfer Preparations: what to think about before you move your data to the cloud.
Data Transfer: how to get your data to the cloud.
Data Access: how to access your data in the cloud.
Other Scenarios: how to backup/restore information from the cloud, or delete your data when you're finished using it.
KEY TAKEAWAYS FOR THIS UM
Develop Securely: your data is only as secure as your weakest link.
Data Lifecycle: you need to consider what protection is necessary throughout your data's lifecycle, not just protecting the information in transit.
Data Sovereignty: where does your data live?
Understand Your Data: it is difficult to apply appropriate protection to your data if you don't understand the data's sensitivity.
KEY INDUSTRY ACTIONS (STANDARDS AND MORE)
Industry Wide: data security must comply with country-specific legal requirements. These requirements and their implications need to be clearly comprehended by providers and subscribers.
Cloud Providers: are requested to submit input on the proposed data security criteria for the various assurance levels (Bronze, Silver, Gold, and Platinum).
Cloud Subscribers: should examine their enterprises and understand the data security life cycle; then they should validate their findings by comparing them to the RFP questions.
INFORMATION AND ASSETS
Available to Members at: www.opendatacenteralliance.org
URL for Public content: www.opendatacenteralliance.org
Standardized Response Checklists: accelerate TTM
Shared Practices: drive scale
Streamlined Requirements: accelerate adoption
QUESTIONS
www.opendatacenteralliance.org
UM: Cloud Data Security
From engagement to real adoption and implementation