Common concerns regarding cloud security are increasingly being recognized as speculative cases, compared to the reality of how IT governance often fails in traditional on-premise environments: failure modes that the cloud model greatly offsets
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Cloud Security: Trust and Transformation
1. Trust and Transformation:
The Compelling Case for the Cloud
Peter Coffee
VP / Head of Platform Research
salesforce.com inc.
2. Public Clouds of Public Trust:
The End of ‘Forbidden Zones’
General Economic Health & Defense &
Transportation
Government Development Human Services Public Safety
Science &
Environment
Political Campaigns & Advocacy Culture & Education
3. Cloud Objections Are Being Addressed
Security: American Bankers Association blog says an enterprise
should “verify that any outsourcing partner meets its standards.
However, once verified, a cloud partner can actually provide
greater security.”
Capacity / Availability:
– Overall service portfolio routinely exceeds 600M transactions/day
– Availability routinely > four 9s, converging on 24 × 365 operations
Compliance: United States’ National Institute of Standards and
Technology says cloud-resident data “can be more available, faster
to restore, and more reliable… [and] less of a risk than having data
dispersed on portable computers or removable media.”
4. Best Practices Matter More than Data Location
"There are five common factors that lead
to the compromise of database
information":
• ignorance
• poor password management
• rampant account sharing
• unfettered access to data
• excessive portability of data
DarkReading.com, October 2009
5. Trusted Advisors Recommend the Cloud
Potential benefits from
transitioning to a public
cloud computing
environment:
• Staff Specialization
• Platform Strength
• Resource Availability
• Backup and Recovery
• Mobile Endpoints
• Data Concentration
6. Force.com was designed from Line 1…
…to be “Shared and Secure”
Apply Data
Login… Authenticate… Security Rules… View Filtered Content
Password security policies
Rich Sharing Rules
User Profiles
SSO/2-factor solutions
8. All Assets Secured, All the Time
Despite resource sharing, multitenancy will often
improve security. Most current enterprise security
models are perimeter-based, making you
vulnerable to inside attacks. Multitenant services
secure all assets at all times, since those within the
main perimeter are all different clients…
Multitenancy is here to stay. Our research and
analysis indicates that multitenancy is not a less
secure model — quite the opposite!
9. Data Stewardship is a Practice, not a Technology
Data protection regulations
– Where can it be stored?
– Who’s allowed to see it?
Peel the onion of ‘compliance’
– Anonymize/encrypt/partition specific fields
– Cloud disciplines can enhance auditability
• Role-based privilege assignment
• Actions taken using granted privileges
Looking beyond the FUD
– USA PATRIOT Act sometimes causes concern about powers of US
government to access data
– Limited to information-gathering related to matters of urgent national security
– Use of USA PATRIOT Act requires involvement by all three branches of the
US government
– Many other countries, including in Europe, have very similar powers
11. Continued Availability Improvement
Spring ‘11 Summer ‘11 Winter ‘12
inter ’12 release: downtime reduced to 2 hours
“Great work reducing the pain of the quarterly upgrade so dramatically.
urtheror difference to of maintenance downtime in downtime and
The
reduction our overstated.”
2 3 hours can’t be
business between 2 or 3 minutes of
FY13
12. Becoming ‘Securely Social’
What is the organization’s mission?
What information supports that mission?
Where does it originate?
Who holds it?
Who can see it?
What events change it?
When is that important?
How do people know?
How can people act?
These are not new questions: NSA IAM introduced 2004
13. Trust is Essential Enabler for Cloud Adoption
Robust infrastructure security
Rigorous operational security
Granular customer controls
– Role-based privilege sets
– Convenient access control & audit
“Sum of all fears” superset protection
– Multi-tenancy reduces opportunities for error
– The most demanding customer sets the bar
– FISMA: FIPS 199 LOW and MODERATE
– PCI DSS Compliance Level 1
– Comprehensive and continuing audit and certification
14. Peter Coffee
VP / Head of Platform Research
pcoffee@salesforce.com
facebook.com/peter.coffee
twitter.com/petercoffee
cloudblog.salesforce.com
Editor's Notes
Granular, governable and auditable privilege assignment elevates security in the cloud above what’s achieved in legacy environments
When you design from Day 1 for massive sharing, you build in a representation of data ownership from the bottom up instead of trying to construct a perimeter
Granular, governable and auditable privilege assignment elevates security in the cloud above what’s achieved in legacy environments
Regulations often fail to reflect the state of technology and the current understanding of best practices, but governments still…govern
What security or similar certifications do you have? (i.e. FIPS, SAS-70, PCI)