1. www.cdicconference.com
Cyber Defense Initiative Conference 2011
20th – 21st March 2012, Grand Hall, BITEC, Bangna, Bangkok
“Is Your Privacy at Risk? Securit and Privacy Chalenges in te Digital
Modernit”
Public/Private Cloud Securtiy
Trends & Awareness
Assoc.Prof. Dr. Thanachart Numnonda
Director
Software Park Thailand
9. A Subset of Cloud
Landscape
Source : Cloud Computing for Developers & Architects: Qcon 2008
9
10. The New Reality for Users
Apps & Data Diverse Access
Everywhere Points
Universal App
Windows Catalog and Browser
Workflow
Legacy Apps
Windows
SaaS
Services
Mac
Broker
Mobile iOS
Apps
Android
Entitlements, Policies
and Reporting
Data
Services
Source : From Datacenter to Device: Security in the Enterprise 2012 and Beyond : VMWare
11. 2011-2014: The Hybrid
Hybrid Cloud Computing
Enterprise
private clouds
public clouds
Notional
Cloud + Mobile enterprise
organizational
Dispersal of applications boundary
boundary
Dispersal of data cloud of users
Dispersal of users
Dispersal of endpoint devices
Source : Achieving Security Assurance and Compliance in the Cloud: CSA
11
12. “At year-end 2016,
more than 50 percent of Global 1000 companies
will have stored customer-sensitive data
in the public cloud.”.
Gartner Prediction 2012
13. Top 5 Cloud Computing Trends
IT departments will be forever changed
Cloud security will no longer be an issue
Custom cloud computing services
Custom software development will shift towards
the cloud
Innovation
Source : http://www.rickscloud.com/
13
14. Cloud Readiness Index 2011
Source : Asia Cloud Computing Association: September 2011
17. Cloud Forcing Key Issues
Critical mass of separation between data owners and
data processors
Anonymity of geography of data centers & devices
Anonymity of provider
Transient provider relationships
Physical controls must be replaced by virtual controls
Identity management has a key role to play
Cloud WILL drive change in the security status quo
Reset button for security ecosystem
Source : Achieving Security Assurance and Compliance in the Cloud: CSA 17
18. What are the Trust Issues?
Will my cloud provider be transparent about governance and
operational issues?
Will I be considered compliant?
Do I know where my data is?
Will a lack of standards drive unexpected obsolescence?
Is my provider really better at security than me?
Are the hackers waiting for me in the cloud?
Will I get fired?
Source : Achieving Security Assurance and Compliance in the Cloud: CSA
18
19. Key Problems of Tomorrow
Keeping pace with cloud changes
Globally incompatible legislation and policy
Non-standard Private & Public clouds
Lack of continuous Risk Management & Compliance
monitoring
Incomplete Identity Management implementations
Haphazard response to security incidents
Source : Achieving Security Assurance and Compliance in the Cloud: CSA
19