Predicting the Future: Security and Compliance in the Cloud Age

Introduction
• Misha Govshteyn – CTO, Alert Logic
• Work in security and web-scale architecture; operate high performance LAMP environment and Erlang-based compute grid
• Help hosting/cloud service providers deliver security services
• Secure Cloud Review blog -> http://www.securecloudreview.com/
What we do at Alert Logic

About this session
Objective: Help you make security & compliance decisions that prepare your company for the future
• This presentation addresses a broad trend of consuming IT as a service
• Cloud in this context includes
    • IaaS
    • PaaS
    • SaaS
• Why take such a broad view? Because each of these models has potential to significantly alter the way you protect your most critical assets

Putting 2010 questions in perspective
• Questions of today are less important than this fact: IT is increasingly delivered as a service
• Your IT footprint is already changing…
    • probably adopting some form of cloud services
    • network is already becoming decentralized
    • Some of your data may already be off-premise
• IaaS? PaaS? SaaS?
• Private vs Public?
• IT vs Cloud?

Formulating a Security Strategy

Your Enterprise in 2015
[Diagram labels: platform, ISV, virtual, desktop, saas, burst, private, HR, CRM, Finance, POS, web storefront; Cloud Enabled Functions, Enterprise Software, Enterprise Platforms]
Cloud questions today and tomorrow

Your enterprise 5 years from now
• Perimeter is less important than ever
• More than 50% of your critical data is offsite
• Some in environments you do not control
• Some users don’t need your VPN to do their jobs
Securing the enterprise will be characterized by
• Continuous transfer of security responsibility to service providers of all types
• Application/protocol level attacks
• Even more compliance requirements than today

Security trends in next 5 years
• Governance and compliance efforts will extend to private and public cloud environments
• Cloud providers will use security as a differentiator
    • Become increasingly more transparent
    • Provide automated attestation and auditing of key controls, including access to logs
    • Native data encryption available & heavily promoted, but sparingly used
    • Most will offer enterprise-level Security-as-a-Service within 2-3 years
• Changes in security industry
    • Identity management is likely to become the first cloud sec “killer app”
    • Netsec vendors, less strategic to enterprises, will focus on CSPs
    • Application/protocol security and Data Leak Prevention are likely to become increasingly important due to PCI mandates

Cloud impact on network security
• Most network security products are unable to deal with complexity of CSP networks
    • Big pipes: CSPs already see speeds well in excess of 50 Gbps
    • Small customers: thousands of customers, some with very little traffic (no native multi-tenancy)
    • Rapid elasticity – changing topology, new IP allocations, new VLANs, more traffic flows
• Today’s notions of trusted users, networks and computing resources will need to be re-thought
• Cloud Service Providers will begin to control an increasing share of the network, rather than Enterprise IT

The Evolving perimeter
• Traditional notion of perimeter will change dramatically as data migrates into the cloud
Network firewalls will fade in importance as perimeter disappears
Network security functions subsumed by service providers
Increasingly offered as a service
Become embedded in CSP and NSP network fabric
New security focus:
Applications
Protocols
