Practical tips for securing your cloud
James Turner, IBRS Advisor
August 2012
Building a smarter planet
Warning
• This presentation has a lot of pictures of clouds
Practical tips to securing your cloud
• Defining the cloud
• What IBRS clients are asking & what the experts say
• Four interesting areas of risk
• Summary
• A glimpse of the future
• Questions
Defining cloud
• The most widely accepted definition of cloud comes from the National Institute of Science and Technology (NIST):
1. On-demand self-service
2. Broad network access
3. Resource pooling
4. Rapid elasticity
5. Pay-per-use measured service
• I’m talking about SaaS
Morning Glory clouds – Gulf of Carpentaria. Source: NASA. Credit: Mick Petroff
What IBRS clients are asking & what the experts say
• “Review our SaaS contracts for technical risks”
– Defence Signals Directorate (DSD):
  • availability of data and business functionality;
  • protecting data from unauthorised access; and
  • handling security incidents.
– Australian Government Information Management Office (AGIMO):
  • Liability
  • Performance management
  • Ending the arrangement
– National Archives of Australia
Four SaaS vendor contract reviews
• Findings – there are 4 core areas of risk in these vendor MSAs (master services agreements):
1. Light on specifics
2. Heavy on indemnity
3. Default customer referencing
4. Flimsy data portability
Light on specifics
• Will protect customer data “in a manner consistent with general industry standards reasonably applicable”
• Will use “commercially reasonable efforts to make the purchased services available 24 hours a day, 7 days a week”.
• Impact: nothing to hold them to!
Light and wispy cirrus clouds
Heavy on indemnity
• They will not be held liable for any loss of data, or revenue, or profits.
• Service credits, if available, are like eating lettuce
– You expend more energy chewing than you get from the consumption
• Impact: nothing to hold them to!
– (and look at how well that worked in the software industry!)
Customer reference by default
• “Customer agrees to work with <vendor’s> Marketing Department to produce a news release to Customer’s use of the Service”
• Risks of being outed as a customer:
– “kick me”
– Collateral damage
– Target rich environment
– Economy of effort for attackers
• Impact: what has this done to your risk profile?
Flimsy data portability
• Only 1 of the 4 mentioned a format
• Proprietary data formats help create lock-in
• One source of truth?
• Migrating to another vendor?
– Who owns the metadata?
– Can you access security logs?
• Impact: vendor lock-in, paying for migration, rivals being sold your work
Storm front over Phillip Island, Nov 11, 2011. Source: ABC.net.au
Conclusion: Practical tips to securing your cloud
• Understand the risks
– Create a list of the technical risks
– War-game different scenarios, attacks, or failures
– Walk these through with business stakeholders
• Contract management
– Involved vs. committed?
– Be biased toward vendors who commit to standards
– Note: take-it-or-leave-it contracts are positively viewed by some
Asperatus Cloud, New Zealand, undated photo. Source: National Geographic
An interconnected world... leads to exponential complexity and unforeseen interdependencies!
Questions?
References
• “Cloud Computing Security Considerations”, Defence Signals Directorate (Australian Department of Defence), April 2011.
• “Better Practice Guide: Negotiating the cloud – legal issues in cloud computing agreements”, Australian Government Information Management Office, February 2012.
• “A Checklist for Records Management and the Cloud”, National Archives of Australia, 2011.
• IBRS research:
– “The Next Perfect IT Storm: The Red Shift, Utility Computing”, IBRS, April 2008.
– “Cloud computing, you may need a parachute”, IBRS, April 2009.
– “Legal considerations that apply in cloud computing”, IBRS, May 2009.
– “Cloud computing and the law – data considerations”, IBRS, June 2009.
– “Cloud computing and the law – business implication”, IBRS, July 2009.
– “A legal checklist before taking off into the cloud”, IBRS, August 2009.
– “APRA offers timely advice against losing your head in the cloud”, IBRS, November 2010.
– “Two tests to evaluate Cloud economics”, IBRS, March 2011.
– “A matrix for cloud computing risk analysis”, IBRS, October 2011.
– “Cloud security – the real risks”, IBRS, January 2012.
– “How do you catch a cloud and pin it down? Part 1”, IBRS, May 2012.
– “How do you catch a cloud and pin it down? Part 2”, IBRS, July 2012.
IBM_Q3_Security_Roadshow_IBRS_JTurner_v04.ppt