Cloud Computing Panel - NYCLA

760 views

Published on

The New York County Lawyers’ Association’s Cyberspace Law Committee

presents a Public Forum

Head in the Clouds? Head in the Clouds?

Implications of Cloud Computing Implications of Cloud Computing

Cloud computing, an Internet-based development and use of computer technology typically involving the provision of dynamically scalable resources, is fast becoming a part of our daily lives. Whether one is checking webmail, backing up data online or collaborating on documents, it is hard to ...

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
760
On SlideShare
0
From Embeds
0
Number of Embeds
187
Actions
Shares
0
Downloads
24
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Cloud Computing Panel - NYCLA

  1. 1. Chief Technology Officer Brainlink International, Inc. Head In The Clouds? Implications of Cloud Computing Public Forum Raj Goel, CISSP
  2. 2. First Cloud Application? <ul><li>Voicemail </li></ul><ul><li>Similarities to clouds today </li></ul><ul><li>What have we learned from the history of Voicemail that might apply to clouds? </li></ul>
  3. 3. The “Voicemail Cloud” Killer App <ul><li>Where is your voicemail stored? </li></ul><ul><li>Do you know? Do you care? </li></ul><ul><li>Tired: Voicemail as attachment </li></ul><ul><li>Wired: Voicemail as trans*!@&#!cription </li></ul>
  4. 4. Are you Googling Your Privacy Away? <ul><li>http://www.brainlink.com/news/138/24/Is-Your-Company-Googling-its-Security-and-Privacy-Away-Raj-Goel-investigates.html </li></ul><ul><li>https://www.box.net/shared/9gl5t6pi5p </li></ul>
  5. 5. Pre-cursor to the Internet Cloud <ul><li>GeoCities </li></ul><ul><li>Similarities </li></ul><ul><li>Lessons learned </li></ul>
  6. 6. Could Diddy <ul><li>Google </li></ul><ul><li>Google Search </li></ul><ul><li>Gmail </li></ul>
  7. 7. Modern Clouds <ul><li>Amazon AWS, StrataScale, IBM, etc. </li></ul><ul><li>Saas? </li></ul><ul><li>RackSpace? </li></ul><ul><li>Joe’s Cloud-in-a-can? </li></ul>
  8. 8. Business Continuity Challenges <ul><li>Clouds have better uptime than internal servers </li></ul><ul><li>But… </li></ul><ul><li>Where’s your backup when the cloud runs dry? </li></ul>
  9. 9. Facebook your country's security away... <ul><li>Farce of the Facebook spy: MI6 chief faces probe after wife exposes their life on Net </li></ul><ul><li>“ MI6 faced calls for an inquiry last night after an extraordinary lapse of judgment led to the new head of MI6's personal detailsbeing plastered over Facebook. </li></ul><ul><li>Millions of people could have gained access to compromising photographs of Sir John Sawers and his family on the social networking website. ...“ </li></ul><ul><li>http://www.dailymail.co.uk/news/article-1197757/New-MI6-chief-faces-probe-wife-exposes-life-Facebook.html </li></ul>
  10. 10. Business Continuity Challenges <ul><li>Most clouds are digital roach motels. </li></ul><ul><li>Migrating data – somewhat easy </li></ul><ul><li>Migrating applications or functionality? </li></ul>
  11. 11. Regulatory and Liability Challenges <ul><li>Use Gmail/YahooMail/etc. for email </li></ul><ul><li>HIPAA, PCI, Red Flag violations? </li></ul><ul><li>How do you subpeona gmail? </li></ul><ul><li>Perform eDiscovery? </li></ul>
  12. 12. Regulatory and Liability Challenges <ul><li>Use MS HealthVault, GoogleHealth </li></ul><ul><li>HIPAA violations? </li></ul><ul><li>How do you correct errors? </li></ul><ul><li>Same process as Credit Bureaus (TRW, Equifax, etc) </li></ul><ul><li>See the Google Health Presentation at http://www.brainlink.com/raj_speaks.html </li></ul>
  13. 13. Regulatory and Liability Challenges <ul><li>Who is responsible for security of data? </li></ul><ul><li>Freezing data or apps in case of litigation hold? </li></ul><ul><li>Chain Of Custody? </li></ul>
  14. 14. Crystal Ball <ul><li>Clouds are here to stay </li></ul><ul><li>Will take years to define what it really means </li></ul><ul><li>New name for old game – managed hosting, outsourced IT, etc. </li></ul><ul><li>Law is 10 years behind the technology </li></ul>
  15. 15. Next Steps <ul><li>Determine where the cloud makes sense in your business. </li></ul><ul><li>Don’t throw corporate jewels in the cloud (yet) </li></ul><ul><li>Don’t ignore clouds – they add competitive value </li></ul><ul><li>Ensure IT, Compliance and Business Continuity/Disaster Recovery are on the same page </li></ul>
  16. 16. Raj Goel, CISSP, is an Oracle and Solaris expert and he has over 20 years of experience in software development, systems, networks, communications and security for the financial, banking, insurance, health care and pharmaceutical industries. Raj is a regular speaker on HIPAA, Sarbanes-Oxley,PCI-DSS Credit Card Security, Information Security and other technology and business issues, addressing diverse audiences including technologists, policy-makers, front-line workers and corporate executives. A nationally known expert, Raj has appeared in over 20 magazine and newspaper articles worldwide, including Entrepreneur Magazine , Business2.0 and InformationWeek , and on television including CNNfn and Geraldo At Large . Raj has been published in Informatiion Security Magazine and Commercial Property News. raj@brainlink.com 917-685-7731 www.brainlink.com www.linkedin.com/in/rajgoel
  17. 17. Audience Questions <ul><li>What is Google Scanning? </li></ul><ul><li>Can they scan what’s in my GoogleDocs? </li></ul><ul><li>(This is what I think the questioner said. Audio pickup was muffled) </li></ul>
  18. 18. Audience Questions <ul><li>I heard Google’s head of privacy say that they can’t tell where the information is stored. They say they can’t delete information. </li></ul><ul><li>Why can’t they do that? I think that’s a lie. </li></ul><ul><li>(This is what I think the questioner said. Audio pickup was muffled) </li></ul>
  19. 19. Audience Questions <ul><li>I heard they [Google] don’t delete data is so they can analyze the logs. </li></ul><ul><li>(This is what I think the questioner said. Audio pickup was muffled) </li></ul>
  20. 20. Panel Discussion <ul><li>Problems with data leakage; </li></ul><ul><li>How data collectors are selling data and metadata to law enforcement. </li></ul>
  21. 21. Audience Suggestion <ul><li>You can protect yourself by encrypting data. </li></ul><ul><li>Response: </li></ul><ul><li>How metadata analysis defeats privacy settings and encryption. </li></ul>
  22. 22. Audience Questions <ul><li>What are the risks in Multi-tenancy environments? </li></ul><ul><li>e.g. Websites on a shared server, </li></ul><ul><li>virtual servers on a shared server, </li></ul><ul><li>Servers in a colocation facility </li></ul><ul><li>(This is what I think the questioner said. Audio pickup was muffled) </li></ul>
  23. 23. Raj Goel, CISSP, is an Oracle and Solaris expert and he has over 20 years of experience in software development, systems, networks, communications and security for the financial, banking, insurance, health care and pharmaceutical industries. Raj is a regular speaker on HIPAA, Sarbanes-Oxley,PCI-DSS Credit Card Security, Information Security and other technology and business issues, addressing diverse audiences including technologists, policy-makers, front-line workers and corporate executives. A nationally known expert, Raj has appeared in over 20 magazine and newspaper articles worldwide, including Entrepreneur Magazine , Business2.0 and InformationWeek , and on television including CNNfn and Geraldo At Large . Raj has been published in Informatiion Security Magazine and Commercial Property News. raj@brainlink.com 917-685-7731 www.brainlink.com www.linkedin.com/in/rajgoel

×