Cloud security strategy:
understanding and
evaluating the real risks
in the cloud
Lee Newcombe (lee.newcombe@capgemini.com)
Infrastructure Services
November 2012
Session Agenda

• Introduction: 5 minutes
• Presentation: 15 minutes
      • “Securing Cloud Services”
• Facilitated Round Table Discussions: 20 minutes
      • What are the genuine security issues that hold back Cloud adoption?
      • Are services in the cloud less secure than those on-premise?
      • How much of the threat is human (malicious or accidental), and how much IT, devices and hardware?
      • What is the best way to manage security in a world of self‐service IT, mobile devices and social media?
• Sharing of outcomes from Discussions: 20 minutes


                                                                                                    12th Cloud Circle Forum

                                                                            Copyright © Capgemini 2012. All Rights Reserved   2
Agenda


• Introduction
• Establishing a common point of view
• Cloud Threats – who may attack your services?
• Cloud Risks. And Benefits?
• An approach to secure adoption of cloud services
• Conclusions
The questions you asked…

• What are the genuine security issues that hold back Cloud adoption?
• Where do the main security threats come from and where should you focus your attention?
• Are services in the cloud less secure than those on-premise?
• How much of the threat is human (malicious or accidental), and how much IT, devices and hardware?
• Eliminating the human security risk: educating your workforce
• What is the best way to manage security in a world of self‐service IT, mobile devices and social media?
• How do emerging social business technologies complicate security strategies?
The ones I will tackle!

• What are the genuine security issues that hold back Cloud adoption?
• Where do the main security threats come from and where should you focus your attention?
• Are services in the cloud less secure than those on-premise?
• How much of the threat is human (malicious or accidental), and how much IT, devices and hardware?
• Eliminating the human security risk: educating your workforce
• What is the best way to manage security in a world of self‐service IT, mobile devices and social media?
• How do emerging social business technologies complicate security strategies?
Cloud Computing – NIST


    Cloud Computing: “…a model for enabling ubiquitous, convenient, on-demand network
    access to a shared pool of configurable computing resources (e.g. networks, servers, storage,
    applications, and services) that can be rapidly provisioned and released with minimal
    management effort or service provider interaction…”




Essential Characteristics of Cloud Computing:
• On-demand self-service
• Broad network access
• Resource pooling
• Rapid elasticity; and
• Measured service.
csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
Service Models




NIST Deployment Models and Jericho Cloud Cube


Model       Strengths                          Weaknesses
Public      Agile, cost-effective,             Multi-tenant
            “Illusion of infinite resource”    Data residency
                                               Assurance
                                               Standard contracts
Private     Dedicated use                      Expensive cf Public
            Assurance                          No “illusion of infinite resource”
            Scope to negotiate SLAs etc
Community   Designed for a specific, shared,   Difficult to govern; need to
            set of security requirements       manage all stakeholders
Hybrid      “Best of breed” suppliers can be   “Weakest link”
            switched in and out.               Must cater for security issues
                                               across ALL suppliers

The Jericho Forum® Cloud Model represents an alternative mechanism to represent deployment models.
http://www.opengroup.org/jericho/cloud_cube_model_v1.0.pdf
“Where do the main security threats come from and where should you focus
 your attention?” -> Cloud Threats




“What are the genuine security issues that hold back Cloud adoption?”
-> Cloud Risks



• Compliance
• Multi-tenancy
• Assurance
• Supply chain – cloud, on cloud, on cloud, on…
• Lock-in
• Standard Terms and Conditions
“Are services in the cloud less secure than those on-premise?” -> Cloud Benefits?




• Cost-effective datacentre security
• Improved resilience
• More efficient security patching
• Improved security expertise, including application-specific expertise, at the centre
• Cloud data storage and sharing vs removable media
• Encourages adoption of Jericho principles
“What is the best way to manage security in a world of self‐service IT, mobile devices and social
media?” -> Security Architecture




“The fundamental security organization of a system, embodied in its components, their relationships to each other and the environment, and the security principles governing its design and evolution”
Adapted from: ISO/IEC 42010:2007
Security Reference Model




Modelling Different Delivery Responsibilities

The delivery responsibility for the security services shifts from the consumer to the provider as you move from IaaS to SaaS.

Interfaces between consumer and provider present a risk of gaps in capability and poor/no/mis-communication between provider and consumer.
Procurement Usage




Conclusions

 • All delivery models are unique. Cloud computing models have unique security challenges. So do other delivery models, including on-premise and traditional outsourcing.
 • Cloud is an evolution, not a revolution.
 • The threat actors remain mostly the same, cloud or on-premise.
 • The risks remain mostly the same, whether your applications are hosted on-premise or on-cloud; however:
       •   increased sharing of resources due to multi-tenancy introduces new attack surfaces
       •   assurance difficulties can cause compliance issues (data residency, data deletion, segregation etc)
 • A security architecture approach can help to enable cloud adoption.
       •   Architecture methodologies help to enforce consistency across an enterprise, no matter the IT delivery model.
       •   Architecture methodologies help to identify the security services required from a Provider
       •   Architecture helps to identify areas of overlap or interface (or confusion or omission) between Provider and Consumer
       •   Architecture helps to inform service procurement
Conclusions


 • What are the genuine security issues that hold back Cloud adoption?
       •   Compliance
       •   Assurance
 • Where do the main security threats come from and where should you focus your attention?
       •   The usual…
 • Are services in the cloud less secure than those on-premise?
       •   It depends!
 • How much of the threat is human (malicious or accidental), and how much IT, devices and hardware?
       •   Confidentiality? Human. Availability? Mixture.
 • What is the best way to manage security in a world of self‐service IT, mobile devices and social media?
       •   Adopt an architectural approach.




About Capgemini
With more than 120,000 people in 40 countries, Capgemini is one
of the world's foremost providers of consulting, technology and
outsourcing services. The Group reported 2011 global revenues
of EUR 9.7 billion.
Together with its clients, Capgemini creates and delivers
business and technology solutions that fit their needs and drive
the results they want. A deeply multicultural organization,
Capgemini has developed its own way of working, the
Collaborative Business Experience™, and draws on Rightshore®,
its worldwide delivery model.
                                                                   www.capgemini.com

                                                                    The information contained in this presentation is proprietary.
                                                                            Rightshore® is a trademark belonging to Capgemini
                                                                                         © 2012 Capgemini. All rights reserved.

CLOUD COMPUTING -DETAILED APPROACH
 
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011
 
Hybrid cloud computing explained
Hybrid cloud computing explainedHybrid cloud computing explained
Hybrid cloud computing explained
 
The Myths And Magic Of Cloud Computing
The Myths And Magic Of Cloud ComputingThe Myths And Magic Of Cloud Computing
The Myths And Magic Of Cloud Computing
 
How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.
 
Moving your Infrastructure to the Cloud
Moving your Infrastructure to the CloudMoving your Infrastructure to the Cloud
Moving your Infrastructure to the Cloud
 
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performanceDeepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
 
To cloud or not to cloud
To cloud or not to cloudTo cloud or not to cloud
To cloud or not to cloud
 

More from Capgemini

Top Healthcare Trends 2022
Top Healthcare Trends 2022Top Healthcare Trends 2022
Top Healthcare Trends 2022Capgemini
 
Top P&C Insurance Trends 2022
Top P&C Insurance Trends 2022Top P&C Insurance Trends 2022
Top P&C Insurance Trends 2022Capgemini
 
Commercial Banking Trends book 2022
Commercial Banking Trends book 2022Commercial Banking Trends book 2022
Commercial Banking Trends book 2022Capgemini
 
Top Trends in Payments 2022
Top Trends in Payments 2022Top Trends in Payments 2022
Top Trends in Payments 2022Capgemini
 
Top Trends in Wealth Management 2022
Top Trends in Wealth Management 2022Top Trends in Wealth Management 2022
Top Trends in Wealth Management 2022Capgemini
 
Retail Banking Trends book 2022
Retail Banking Trends book 2022Retail Banking Trends book 2022
Retail Banking Trends book 2022Capgemini
 
Top Life Insurance Trends 2022
Top Life Insurance Trends 2022Top Life Insurance Trends 2022
Top Life Insurance Trends 2022Capgemini
 
キャップジェミニ、あなたの『RISE WITH SAP』のパートナーです
キャップジェミニ、あなたの『RISE WITH SAP』のパートナーですキャップジェミニ、あなたの『RISE WITH SAP』のパートナーです
キャップジェミニ、あなたの『RISE WITH SAP』のパートナーですCapgemini
 
Property & Casualty Insurance Top Trends 2021
Property & Casualty Insurance Top Trends 2021Property & Casualty Insurance Top Trends 2021
Property & Casualty Insurance Top Trends 2021Capgemini
 
Life Insurance Top Trends 2021
Life Insurance Top Trends 2021Life Insurance Top Trends 2021
Life Insurance Top Trends 2021Capgemini
 
Top Trends in Commercial Banking: 2021
Top Trends in Commercial Banking: 2021Top Trends in Commercial Banking: 2021
Top Trends in Commercial Banking: 2021Capgemini
 
Top Trends in Wealth Management: 2021
Top Trends in Wealth Management: 2021Top Trends in Wealth Management: 2021
Top Trends in Wealth Management: 2021Capgemini
 
Top Trends in Payments: 2021
Top Trends in Payments: 2021Top Trends in Payments: 2021
Top Trends in Payments: 2021Capgemini
 
Health Insurance Top Trends 2021
Health Insurance Top Trends 2021Health Insurance Top Trends 2021
Health Insurance Top Trends 2021Capgemini
 
Top Trends in Retail Banking: 2021
Top Trends in Retail Banking: 2021Top Trends in Retail Banking: 2021
Top Trends in Retail Banking: 2021Capgemini
 
Capgemini’s Connected Autonomous Planning
Capgemini’s Connected Autonomous PlanningCapgemini’s Connected Autonomous Planning
Capgemini’s Connected Autonomous PlanningCapgemini
 
Top Trends in Retail Banking: 2020
Top Trends in Retail Banking: 2020Top Trends in Retail Banking: 2020
Top Trends in Retail Banking: 2020Capgemini
 
Top Trends in Life Insurance: 2020
Top Trends in Life Insurance: 2020Top Trends in Life Insurance: 2020
Top Trends in Life Insurance: 2020Capgemini
 
Top Trends in Health Insurance: 2020
Top Trends in Health Insurance: 2020Top Trends in Health Insurance: 2020
Top Trends in Health Insurance: 2020Capgemini
 
Top Trends in Payments: 2020
Top Trends in Payments: 2020Top Trends in Payments: 2020
Top Trends in Payments: 2020Capgemini
 

More from Capgemini (20)

Top Healthcare Trends 2022
Top Healthcare Trends 2022Top Healthcare Trends 2022
Top Healthcare Trends 2022
 
Top P&C Insurance Trends 2022
Top P&C Insurance Trends 2022Top P&C Insurance Trends 2022
Top P&C Insurance Trends 2022
 
Commercial Banking Trends book 2022
Commercial Banking Trends book 2022Commercial Banking Trends book 2022
Commercial Banking Trends book 2022
 
Top Trends in Payments 2022
Top Trends in Payments 2022Top Trends in Payments 2022
Top Trends in Payments 2022
 
Top Trends in Wealth Management 2022
Top Trends in Wealth Management 2022Top Trends in Wealth Management 2022
Top Trends in Wealth Management 2022
 
Retail Banking Trends book 2022
Retail Banking Trends book 2022Retail Banking Trends book 2022
Retail Banking Trends book 2022
 
Top Life Insurance Trends 2022
Top Life Insurance Trends 2022Top Life Insurance Trends 2022
Top Life Insurance Trends 2022
 
キャップジェミニ、あなたの『RISE WITH SAP』のパートナーです
キャップジェミニ、あなたの『RISE WITH SAP』のパートナーですキャップジェミニ、あなたの『RISE WITH SAP』のパートナーです
キャップジェミニ、あなたの『RISE WITH SAP』のパートナーです
 
Property & Casualty Insurance Top Trends 2021
Property & Casualty Insurance Top Trends 2021Property & Casualty Insurance Top Trends 2021
Property & Casualty Insurance Top Trends 2021
 
Life Insurance Top Trends 2021
Life Insurance Top Trends 2021Life Insurance Top Trends 2021
Life Insurance Top Trends 2021
 
Top Trends in Commercial Banking: 2021
Top Trends in Commercial Banking: 2021Top Trends in Commercial Banking: 2021
Top Trends in Commercial Banking: 2021
 
Top Trends in Wealth Management: 2021
Top Trends in Wealth Management: 2021Top Trends in Wealth Management: 2021
Top Trends in Wealth Management: 2021
 
Top Trends in Payments: 2021
Top Trends in Payments: 2021Top Trends in Payments: 2021
Top Trends in Payments: 2021
 
Health Insurance Top Trends 2021
Health Insurance Top Trends 2021Health Insurance Top Trends 2021
Health Insurance Top Trends 2021
 
Top Trends in Retail Banking: 2021
Top Trends in Retail Banking: 2021Top Trends in Retail Banking: 2021
Top Trends in Retail Banking: 2021
 
Capgemini’s Connected Autonomous Planning
Capgemini’s Connected Autonomous PlanningCapgemini’s Connected Autonomous Planning
Capgemini’s Connected Autonomous Planning
 
Top Trends in Retail Banking: 2020
Top Trends in Retail Banking: 2020Top Trends in Retail Banking: 2020
Top Trends in Retail Banking: 2020
 
Top Trends in Life Insurance: 2020
Top Trends in Life Insurance: 2020Top Trends in Life Insurance: 2020
Top Trends in Life Insurance: 2020
 
Top Trends in Health Insurance: 2020
Top Trends in Health Insurance: 2020Top Trends in Health Insurance: 2020
Top Trends in Health Insurance: 2020
 
Top Trends in Payments: 2020
Top Trends in Payments: 2020Top Trends in Payments: 2020
Top Trends in Payments: 2020
 

Cloud Security Strategy

  • 1. Cloud security strategy: understanding and evaluating the real risks in the cloud
      Lee Newcombe (lee.newcombe@capgemini.com), Infrastructure Services, November 2012
  • 2. Session Agenda
      • Introduction (5 minutes)
      • Presentation (15 minutes): “Securing Cloud Services”
      • Facilitated Round Table Discussions (20 minutes)
          • What are the genuine security issues that hold back Cloud adoption?
          • Are services in the cloud less secure than those on-premise?
          • How much of the threat is human (malicious or accidental), and how much IT, devices and hardware?
          • What is the best way to manage security in a world of self-service IT, mobile devices and social media?
      • Sharing of outcomes from Discussions (20 minutes)
      12th Cloud Circle Forum. Copyright © Capgemini 2012. All Rights Reserved.
  • 3. Agenda
      • Introduction
      • Establishing a common point of view
      • Cloud Threats – who may attack your services?
      • Cloud Risks. And Benefits?
      • An approach to secure adoption of cloud services
      • Conclusions
  • 4. The questions you asked…
      • What are the genuine security issues that hold back Cloud adoption?
      • Where do the main security threats come from and where should you focus your attention?
      • Are services in the cloud less secure than those on-premise?
      • How much of the threat is human (malicious or accidental), and how much IT, devices and hardware?
      • Eliminating the human security risk: educating your workforce
      • What is the best way to manage security in a world of self-service IT, mobile devices and social media?
      • How do emerging social business technologies complicate security strategies?
  • 5. The ones I will tackle!
      • What are the genuine security issues that hold back Cloud adoption?
      • Where do the main security threats come from and where should you focus your attention?
      • Are services in the cloud less secure than those on-premise?
      • How much of the threat is human (malicious or accidental), and how much IT, devices and hardware?
      • Eliminating the human security risk: educating your workforce
      • What is the best way to manage security in a world of self-service IT, mobile devices and social media?
      • How do emerging social business technologies complicate security strategies?
  • 7. Cloud Computing – NIST
      Cloud Computing: “…a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction…”
      Essential Characteristics of Cloud Computing:
      • On-demand self-service
      • Broad network access
      • Resource pooling
      • Rapid elasticity; and
      • Measured service.
      csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
  • 8. Service Models
  • 9. NIST Deployment Models and Jericho Cloud Cube Model
      • Public
          • Strengths: Agile, cost-effective; “Illusion of infinite resource”
          • Weaknesses: Multi-tenant; Data residency; Assurance; Standard contracts
      • Private
          • Strengths: Dedicated use; Assurance; Scope to negotiate SLAs etc
          • Weaknesses: Expensive cf Public; No “illusion of infinite resource”
      • Community
          • Strengths: Designed for a specific, shared, set of security requirements
          • Weaknesses: Difficult to govern; need to manage all stakeholders
      • Hybrid
          • Strengths: “Best of breed” suppliers can be switched in and out.
          • Weaknesses: “Weakest link”; Must cater for security issues across ALL suppliers
      The Jericho Forum® Cloud Model represents an alternative mechanism to represent deployment models.
      http://www.opengroup.org/jericho/cloud_cube_model_v1.0.pdf
  • 11. “Where do the main security threats come from and where should you focus your attention?” -> Cloud Threats
  • 13. “What are the genuine security issues that hold back Cloud adoption?” -> Cloud Risks
      • Compliance
      • Multi-tenancy
      • Assurance
      • Supply chain – cloud, on cloud, on cloud, on…
      • Lock-in
      • Standard Terms and Conditions
  • 14. “Are services in the cloud less secure than those on-premise?” -> Cloud Benefits?
      • Cost-effective datacentre security
      • Improved resilience
      • More efficient security patching
      • Improved security expertise, including application-specific expertise, at the centre
      • Cloud data storage and sharing vs removable media
      • Encourages adoption of Jericho principles
  • 16. “What is the best way to manage security in a world of self-service IT, mobile devices and social media?” -> Security Architecture
      “The fundamental security organization of a system, embodied in its components, their relationships to each other and the environment, and the security principles governing its design and evolution”
      Adapted from: ISO/IEC 42010:2007
  • 17. Security Reference Model
  • 18. Modelling Different Delivery Responsibilities
      The delivery responsibilities for the security services shift from the consumer to the provider as you move from IaaS to SaaS.
      Interfaces between consumer and provider present a risk of gaps in capability and poor/no/mis-communication between provider and consumer.
  • 19. Procurement Usage
  • 21. Conclusions
      • All delivery models are unique. Cloud computing models have unique security challenges. So do other delivery models including on-premise and traditional outsourcing.
      • Cloud is an evolution not a revolution.
          • The threat actors remain mostly the same, cloud or on-premise
          • The risks remain mostly the same, whether your applications are hosted on-premise or on-cloud, however
              • increased sharing of resources due to multi-tenancy introduces new attack surfaces
              • assurance difficulties can cause compliance issues (data residency, data deletion, segregation etc)
      • Security architecture approach can help to enable cloud adoption.
          • Architecture methodologies help to enforce consistency across an enterprise, no matter the IT delivery model.
          • Architecture methodologies help to identify the security services required from a Provider
          • Architecture helps to identify areas of overlap or interface (or confusion or omission) between Provider and Consumer
          • Architecture helps to inform service procurement
  • 22. Conclusions
      • What are the genuine security issues that hold back Cloud adoption?
          • Compliance
          • Assurance
      • Where do the main security threats come from and where should you focus your attention?
          • The usual…
      • Are services in the cloud less secure than those on-premise?
          • It depends!
      • How much of the threat is human (malicious or accidental), and how much IT, devices and hardware?
          • Confidentiality? Human. Availability? Mixture.
      • What is the best way to manage security in a world of self-service IT, mobile devices and social media?
          • Adopt an architectural approach.
  • 24. About Capgemini
      With more than 120,000 people in 40 countries, Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. The Group reported 2011 global revenues of EUR 9.7 billion.
      Together with its clients, Capgemini creates and delivers business and technology solutions that fit their needs and drive the results they want. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business Experience™, and draws on Rightshore®, its worldwide delivery model.
      www.capgemini.com
      The information contained in this presentation is proprietary. Rightshore® is a trademark belonging to Capgemini. © 2012 Capgemini. All rights reserved.