Cloudy Weather
Cloud Computing Security

Jean Pawluk
Chief Architect

Prepared for
Executive Women’s Forum
Emerging Technology Workshop
September, 2009
©Jean Pawluk
With great opportunity, comes great risk

09/24/2009 Jean Pawluk

In the Way Back Machine…
Think back to the time of "big iron":
• Ruled by mainframes and minis
• Few mobile devices

Think again about the last few years: big changes that occurred with the Internet and mobility of devices.

Today’s evolution:
• Convergence of the two
• Ubiquity of compute power

Opportunity to discover …

Cool Hype…… & lots of confusion
Confusion abounds today as several ideas and services are labeled “cloud computing”.
A few myths exist:
• Cloud computing is a new revolution (it’s an old idea)
• Cloud computing is just virtualization
• The Internet and Web are the cloud
• Every vendor has a different cloud
• Everything will be in the cloud (as if)

Nevertheless: under the hype a very important paradigm shift is occurring that is similar to the move to the Internet.

You can find the cloud today………
Swarms of connected technology and business services, which are offered, bought, sold, used, repurposed,
on shared worldwide networks of service providers, consumers, aggregators, and brokers,
creating new ways of offering, using, and organizing information and functionality.

Examples:
• Social Networks
• Virtual Worlds
• Games
• Blogs
• Books & Magazines & Newspapers
• “free” Email
• Data everywhere / all of the time: Market Research, Census, Data aggregators
• Marketing collateral
• Video
• Phone
• TV
• Photos
• Music
• Virtual desktops
• Search engines

Next ?
So when will we …..
• Stop talking about the Internet (which was the “cloud”), and when will the Cloud be omnipresent?
• Move from managers of technology to managers of services…
• Move from a focus on cost to a focus on value…
• Move from overhead to a team that enables growth…

Cloud-onomics
CLOUD COMPUTING

AGILITY + BUSINESS & IT ALIGNMENT + SERVICE FLEXIBILITY + INDUSTRY STANDARDS = OPTIMIZED BUSINESS
…allows you to optimize new investments for direct business benefits

VIRTUALIZATION + ENERGY EFFICIENCY + STANDARDIZATION + AUTOMATION = Reduced Cost
…leverages virtualization, standardization and automation to free up operational budget for new investment

Courtesy and Copyright of IBM

Cloud Computing Business Drivers
Cost
• Pay per use
• No hardware or startup costs
• Low investment in capital expenditure & time-to-live
Flexibility
• Use cloud computing services when needed
• Dynamically grow and shrink services
Simplicity
• Typically browser-based user interfaces
Response
• Speed to market
• Fast resourcing: provisioning and de-provisioning of processing, etc.
Availability
• Many cloud service providers have global, robust network, CPU and application capability

Several Cloud Deployment Models
• Private Enterprise / Internal Cloud
• Managed Private Cloud
• External Public Cloud
• Hybrid Combination

[Diagram: Jericho Cloud Cube Model]

Public Cloud Computing: from a user perspective
• User:
  – Builds a web application,
  – using a standard platform and database,
  – uploads this application to a cloud provider
• Cloud provider:
  – Provisions the services
  – Scales the application and the database together
• User:
  – Doesn’t care about which servers, which databases, which hardware, how much memory (the cloud platform handles all of that)
  – Users are totally free from any technical complexity other than the service itself
• Cloud provider:
  – Decides how to cache content, how and where to deploy servers based on demand, performs backups, and even has the ability for the business to distinguish "production" from "staging" deployments
  – Has ongoing management and monitoring of the external service
• User:
  – Only pays for what is used, when the user needs it
  – Everything else is an implementation detail

Side note: Great idea, but where are the data security controls in this point of view???

Evolving Cloud Architectures
Central architectural concept is XaaS (everything) as a service, the core being:
• IaaS (Infrastructure)
• PaaS (Platform)
• SaaS (Software)

Yet security is off to the side. The lower down the stack a Cloud provider stops, the more security you are tactically responsible for implementing & managing yourself.

Diagram Courtesy of Chris Hoff

Risk - Who controls security?
The lower down the stack a Cloud provider stops, the more security you are tactically responsible for implementing & managing yourself.

[Diagram: the SaaS / PaaS / IaaS stack. At SaaS you rely on “SLA” security; at PaaS and IaaS you build in your own security.]

READ the fine print…
7.2 Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications. We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications.

Source - http://aws.amazon.com/agreement/
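The clause above leaves protection and backup of Your Content with the customer, and the provider disclaims liability for corruption, deletion or loss. The Python example below is added here and is not from the deck or from AWS; it shows one way to act on recommendation (b) with the standard library only: at archive time record a manifest (size and SHA-256 of every object) and sign it with an HMAC key that the customer keeps outside the provider, then audit the archive later so that modified, missing or unexpected objects are detected by you. The archive contents and the key are constructed placeholders, and the function names are the example's own.

```python
import hashlib
import hmac
import json
from typing import Dict, List

# Constructed sample "archive": object path -> bytes as they were uploaded.
SAMPLE_ARCHIVE: Dict[str, bytes] = {
    "customers/2009-09.csv": b"id,name\n1,Alice\n2,Bob\n",
    "config/app.properties": b"db.host=internal\n",
}

# Hypothetical customer-held key. In practice it comes from your own key
# store; the provider holding the archive never sees it, so it cannot
# re-sign a manifest that it (or an intruder on its side) altered.
CUSTOMER_MANIFEST_KEY = b"example-manifest-key-do-not-reuse"


def build_manifest(archive: Dict[str, bytes]) -> Dict[str, Dict[str, object]]:
    """Record size and SHA-256 of every object at archive time."""
    return {
        path: {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
        for path, data in sorted(archive.items())
    }


def sign_manifest(manifest: Dict[str, Dict[str, object]], key: bytes) -> str:
    """HMAC-SHA256 over canonical JSON, so the manifest itself is tamper-evident."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_manifest_signature(manifest: Dict[str, Dict[str, object]],
                              signature: str, key: bytes) -> bool:
    """Constant-time comparison against a freshly computed signature."""
    return hmac.compare_digest(sign_manifest(manifest, key), signature)


def audit_archive(archive: Dict[str, bytes],
                  manifest: Dict[str, Dict[str, object]],
                  signature: str, key: bytes) -> List[str]:
    """Return findings; an empty list means the archive matches what was stored."""
    findings: List[str] = []
    # A bad signature means the manifest cannot be trusted, so stop here.
    if not verify_manifest_signature(manifest, signature, key):
        findings.append("manifest signature invalid: manifest tampered or wrong key")
        return findings
    for path, expected in manifest.items():
        if path not in archive:
            findings.append(f"missing: {path}")
            continue
        data = archive[path]
        if len(data) != expected["size"] or hashlib.sha256(data).hexdigest() != expected["sha256"]:
            findings.append(f"modified: {path}")
    # Objects that were never archived are suspicious too (planted or stray content).
    for path in sorted(archive):
        if path not in manifest:
            findings.append(f"unexpected: {path}")
    return findings


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_ARCHIVE)
    signature = sign_manifest(manifest, CUSTOMER_MANIFEST_KEY)
    print("clean archive:", audit_archive(SAMPLE_ARCHIVE, manifest, signature, CUSTOMER_MANIFEST_KEY))
    damaged = dict(SAMPLE_ARCHIVE)
    damaged["config/app.properties"] = b"db.host=evil\n"
    print("damaged archive:", audit_archive(damaged, manifest, signature, CUSTOMER_MANIFEST_KEY))
```

Run the audit on every restore and on a schedule against the stored copy; the manifest and its signature should be kept separately from the archive (for instance with the key owner), since a copy stored next to the content tells you nothing if the whole bucket is lost. Recommendation (a), encrypting the content before upload, is a separate control this example does not cover.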
What’s ready for the cloud?
• When the processes, applications and data are largely independent
• When the points of integration are well defined
• When a lower level of security will work just fine
• When the core internal enterprise architecture is healthy
• When the Web is the desired platform
• When cost is an issue
• When the applications are new

Courtesy and Copyright of David Linthicum

Cloud Computing Services Players:
Infrastructure - Computing infrastructure, typically a platform virtualization environment, as a service
• Full virtualization (GoGrid, Skytap)
• Grid computing (Sun Grid)
• Management (RightScale)
• Compute (Amazon Elastic Compute Cloud)

Platform - The delivery of a computing platform, and/or solution stack as a service
• Web application frameworks
  – Ajax (Caspio)
  – Python Django (Google App Engine)
  – Ruby on Rails (Heroku)
• Web hosting (Mosso)
• Proprietary (Azure, Force.com)

Storage - Data storage as a service, billed on a utility basis, e.g. per gigabyte / month
• Database (Amazon SimpleDB, Google App Engine's BigTable datastore)
• Network attached storage (MobileMe iDisk, CTERA Cloud Attached Storage, Nirvanix CloudNAS)
• Synchronization (Live Mesh Live Desktop component, MobileMe push functions)
• Web service (Amazon Simple Storage Service, Nirvanix SDN)

Cloud Computing Services Players (more)
Business Services - Interoperable machine-to-machine interaction over a network, accessed by other cloud computing components or directly by end users
• Identity (OAuth, OpenID)
• Integration (Amazon Simple Queue Service)
• Payments (Amazon Flexible Payments Service, Google Checkout, PayPal)
• Mapping (Google Maps, Yahoo! Maps)
• Search (Alexa, Google Custom Search, Yahoo! BOSS)
• Others (Amazon Mechanical Turk)

Application - Cloud based software that often eliminates the need for local installation
• Peer-to-peer / volunteer computing (Bittorrent, BOINC Projects, Skype)
• Web application (Facebook)
• Software as a service (Google Apps, Salesforce)
• Software plus services (Microsoft Online Services)

What’s not ready for the cloud?
• When the processes, applications and data are largely coupled
• When the points of integration are not well defined
• When a high level of security is required
• When the core internal enterprise architecture needs work
• When the application requires a native interface
• When cost is an issue
• When the applications are legacy

Courtesy and Copyright of David Linthicum

What’s not ready for the cloud? (more)
1. Work which depends on sensitive data normally restricted to the Enterprise
   • Employee Information - Not ready to move enterprise info with high sensitivity of the data into a public cloud
   • Health Care Records – Do not move until the security of the cloud provider is well established
2. Work composed of multiple, co-dependent services
   • High throughput online transaction processing
3. Work requiring a high level of auditability, accountability and regulation
   • Work subject to Sarbanes-Oxley
4. Work based on 3rd party software which does not have a cloud-aware licensing strategy
5. Work requiring detailed chargeback or utilization measurement as required for capacity planning or departmental level billing
6. Work requiring customization (e.g. customized SaaS)

Security Questions – They go on & on …
Shared Infrastructure
• As we open up systems, can we expect the same security, reliability, & availability?
• Who are you sharing that server with?
Consumption-based pricing
• What happens if you don’t pay your bill? Do you lose your data?
• How do we control and monitor consumption?
Improved Business Continuity
• What infrastructure are the applications running on?
• What protection do we have against outages?
• What legal recourse do we have?
Massively scalable
• Where does our data reside? In a foreign country?
Mobility & Flexibility
• Will vendor relationship management hamper mobility?
• Can any “fly-by-night” coder & service be a cloud?
• Will we see service brokers emerge?
Internet-based & easily accessible
• Will the cloud enable an increase of shadow IT?

Cloud Security - Areas of Concern
• Information lifecycle management
• Governance and Enterprise Risk Management
• Compliance & Audit
• General Legal
• eDiscovery
• Encryption and Key Management
• Identity and Access Management
• Storage
• Virtualization
• Application Security
• Portability & Interoperability
• Data Center Operations Management
• Incident Response, Notification, Remediation
• "Traditional" Security impact (business continuity, disaster recovery, physical security)

Callout: Trust Time Bomb

Back to the Future: Co-existing delivery models?
Security issues will occur crossing between private and public use.

[Diagram: SaaS, IaaS & PaaS Public / Private Example. Service Consumers sit above three columns, each with a Services layer over a Service Integration layer:
• Traditional Enterprise IT: Mission Critical, Packaged Apps, High Compliancy
• Private Cloud: Test Systems, Storage Cloud, Developer Systems
• Public Clouds: Variable Storage, Software as a Service, Web Hosting
The first two columns are labelled Enterprise.]

Summary
• Cloud Computing is real and transformational
• Cloud Computing can be secured but also can carry increased risk due to aggregation of assets
• Cloud needs:
  – Broad governance approach
  – Tactical fixes
• Know that there is “no free lunch”

Bridge the chasm from now to future…
Take the time now to tackle future issues:
• Practical, technical issues are addressed
• Security issues are addressed

Confidence will increase as Cloud Computing evolves and its lifecycle mainstreams:
• Hype reduces over time

So don’t rush…think and do it right

Cloud Security Alliance: Call to Action
• Discussions & announcements on LinkedIn
• Join us, help make our work better
• Other research initiatives and events being planned

• www.cloudsecurityalliance.org
• info@cloudsecurityalliance.org
• Twitter: @cloudsa, #csaguide
• LinkedIn: Cloud Security Alliance group, www.linkedin.com/groups?gid=1864210

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Cloud security jean pawluk ewf talk sept 2009

1. Cloudy Weather: Cloud Computing Security
   Jean Pawluk, Chief Architect. Prepared for Executive Women’s Forum Emerging Technology Workshop, September 2009. ©Jean Pawluk

2. With great opportunity, comes great risk

3. In the Way Back Machine…
   Think back to the time of "big iron":
   • Ruled by mainframes and minis
   • Few mobile devices
   Think again about the last few years: big changes that occurred with the Internet and mobility of devices.
   Today’s evolution:
   • Convergence of the two
   • Ubiquity of compute power

4. Opportunity to discover …

5. Cool Hype… & lots of confusion
   Confusion abounds today as several ideas and services are labeled “cloud computing”. A few myths exist:
   • Cloud computing is a new revolution (it’s an old idea)
   • Cloud computing is just virtualization
   • The Internet and Web are the cloud
   • Every vendor has a different cloud
   • Everything will be in the cloud (as if)
   Nevertheless: under the hype a very important paradigm shift is occurring that is similar to the move to the Internet.

6. You can find the cloud today…
   Swarms of connected technology and business services, which are offered, bought, sold, used and repurposed on shared worldwide networks of service providers, consumers, aggregators, and brokers, creating new ways of offering, using, and organizing information and functionality.
   Examples: Social Networks; Virtual Worlds; Games; Blogs; Books & Magazines & Newspapers; “free” Email; Data everywhere / all of the time; Market Research; Census; Data aggregators; Marketing collateral; Video; Phone; TV; Photos; Music; Virtual desktops; Search engines.

7. Next?
   So when will we…
   • Stop talking about the Internet (which was the “cloud”), and when will the Cloud be omnipresent?
   • Move from managers of technology to managers of services…
   • Move from a focus on cost to a focus on value…
   • Move from overhead to a team that enables growth…

8. Cloud-onomics (Courtesy and Copyright of IBM)
   CLOUD COMPUTING AGILITY + BUSINESS & IT ALIGNMENT + SERVICE FLEXIBILITY + INDUSTRY STANDARDS = OPTIMIZED BUSINESS
   …allows you to optimize new investments for direct business benefits.
   VIRTUALIZATION + ENERGY EFFICIENCY + STANDARDIZATION + AUTOMATION = REDUCED COST
   …leverages virtualization, standardization and automation to free up operational budget for new investment.

9. Cloud Computing Business Drivers
   Cost:
   • Pay per use
   • No hardware or startup costs
   • Low investment in capital expenditure & time-to-live
   Flexibility:
   • Use cloud computing services when needed
   • Dynamically grow and shrink services
   Simplicity:
   • Typically browser-based user interfaces
   Response:
   • Speed to market
   • Fast resourcing: provisioning and de-provisioning processing, etc.
   Availability:
   • Many cloud service providers have global, robust network, CPU and application capability

10. Several Cloud Deployment Models (Jericho Cloud Cube Model)
   • Private Enterprise / Internal Cloud
   • Managed Private Cloud
   • External Public Cloud
   • Hybrid Combination

11. Public Cloud Computing: From a user perspective
   • User: builds a web application, using a standard platform and database, and uploads this application to a cloud provider
   • Cloud provider: provisions the services; scales the application and the database together
   • User: doesn’t care about which servers, which databases, which hardware, how much memory (the cloud platform handles all of that); users are totally free from any technical complexity other than the service itself
   • Cloud provider: decides how to cache content, how and where to deploy servers based on demand, performs backups, and even has the ability for the business to distinguish "production" from "staging" deployments; has ongoing management and monitoring of the external service
   • User: only pays for what is used when the user needs it; everything else is an implementation detail
   Side note on the slide: Great idea, but where are the data security controls in this point of view???

12. Evolving Cloud Architectures (Diagram Courtesy of Chris Hoff)
   The central architectural concept is XaaS (everything as a service). Core being:
   • IaaS (Infrastructure)
   • PaaS (Platform)
   • SaaS (Software)
   Yet security is off to the side. The lower down the stack a Cloud provider stops, the more security you are tactically responsible for implementing & managing yourself.

13. Risk: Who controls security?
   The lower down the stack a Cloud provider stops, the more security you are tactically responsible for implementing & managing yourself.
   • SaaS: you “SLA” security
   • PaaS, IaaS: you build in your own security

14. READ the fine print… (Source: http://aws.amazon.com/agreement/)
   "7.2 Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications. We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications."

15. What’s ready for the cloud? (Courtesy and Copyright of David Linthicum)
   • When the processes, applications and data are largely independent
   • When the points of integration are well defined
   • When a lower level of security will work just fine
   • When the core internal enterprise architecture is healthy
   • When the Web is the desired platform
   • When cost is an issue
   • When the applications are new

16. Cloud Computing Services Players
   Infrastructure: computing infrastructure, typically a platform virtualization environment, as a service
   • Full virtualization (GoGrid, Skytap)
   • Grid computing (Sun Grid)
   • Management (RightScale)
   • Compute (Amazon Elastic Compute Cloud)
   Platform: the delivery of a computing platform and/or solution stack as a service
   • Web application frameworks: Ajax (Caspio); Python Django (Google App Engine); Ruby on Rails (Heroku)
   • Web hosting (Mosso)
   • Proprietary (Azure, Force.com)
   Storage: data storage as a service, billed on a utility basis, e.g. per gigabyte / month
   • Database (Amazon SimpleDB, Google App Engine's BigTable datastore)
   • Network attached storage (MobileMe iDisk, CTERA Cloud Attached Storage, Nirvanix CloudNAS)
   • Synchronization (Live Mesh Live Desktop component, MobileMe push functions)
   • Web service (Amazon Simple Storage Service, Nirvanix SDN)

17. Cloud Computing Services Players (more)
   Business Services: interoperable machine-to-machine interaction over a network, accessed by other cloud computing components or directly by end users
   • Identity (OAuth, OpenID)
   • Integration (Amazon Simple Queue Service)
   • Payments (Amazon Flexible Payments Service, Google Checkout, PayPal)
   • Mapping (Google Maps, Yahoo! Maps)
   • Search (Alexa, Google Custom Search, Yahoo! BOSS)
   • Others (Amazon Mechanical Turk)
   Application: cloud-based software that often eliminates the need for local installation
   • Peer-to-peer / volunteer computing (BitTorrent, BOINC Projects, Skype)
   • Web application (Facebook)
   • Software as a service (Google Apps, Salesforce)
   • Software plus services (Microsoft Online Services)

18. What’s not ready for the cloud? (Courtesy and Copyright of David Linthicum)
   • When the processes, applications and data are largely coupled
   • When the points of integration are not well defined
   • When a high level of security is required
   • When the core internal enterprise architecture needs work
   • When the application requires a native interface
   • When cost is an issue
   • When the applications are legacy

19. What’s not ready for the cloud? (more)
   1. Work which depends on sensitive data normally restricted to the Enterprise
      • Employee Information: not ready to move enterprise information of high sensitivity into a public cloud
      • Health Care Records: do not move until the security of the cloud provider is well established
   2. Work composed of multiple, co-dependent services
      • High throughput online transaction processing
   3. Work requiring a high level of auditability, accountability and regulation
      • Work subject to Sarbanes-Oxley
   4. Work based on 3rd party software which does not have a cloud-aware licensing strategy
   5. Work requiring detailed chargeback or utilization measurement, as required for capacity planning or departmental-level billing
   6. Work requiring customization (e.g. customized SaaS)

20. Security Questions: They go on & on …
   Shared Infrastructure:
   • As we open up systems, can we expect the same security, reliability, & availability?
   • Who are you sharing that server with?
   Consumption-based pricing:
   • What happens if you don’t pay your bill? Do you lose your data?
   • How do we control and monitor consumption?
   Internet-based & easily accessible:
   • Will the cloud enable an increase of shadow IT?
   Massively scalable:
   • Where does our data reside? In a foreign country?
   Mobility & Flexibility:
   • Will vendor relationship management hamper mobility?
   • Can any “fly-by-night” coder & service be a cloud?
   • Will we see service brokers emerge?
   Improved Business Continuity:
   • What infrastructure are the applications running on?
   • What protection do we have against outages?
   • What legal recourse do we have?

21. Cloud Security: Areas of Concern
   • Information lifecycle management
   • Governance and Enterprise Risk Management
   • Compliance & Audit
   • General Legal
   • eDiscovery
   • Encryption and Key Management
   • Identity and Access Management
   • Storage
   • Virtualization
   • Application Security
   • Portability & Interoperability
   • Data Center Operations Management
   • Incident Response, Notification, Remediation
   • "Traditional" Security impact (business continuity, disaster recovery, physical security)
   (Slide graphic label: Trust Time Bomb)

22. Back to the Future: Co-existing delivery models?
   Security issues will occur crossing between private and public use.
   Diagram (SaaS, IaaS & PaaS Public / Private Example): Service Consumers use Services through a Service Integration layer in each of three domains:
   • Traditional Enterprise IT: Mission Critical; Packaged Apps; High Compliancy
   • Public Clouds: Test Systems; Storage Cloud; Developer Systems
   • Private Cloud Enterprise: Variable Storage; Software as a Service; Web Hosting

23. Summary
   • Cloud Computing is real and transformational
   • Cloud Computing can be secured, but it can also carry increased risk due to aggregation of assets
   • Cloud needs a broad governance approach and tactical fixes
   • Know that there is “no free lunch”

24. Bridge the chasm from now to future…
   Take the time now to tackle future issues:
   • Practical, technical issues are addressed
   • Security issues are addressed
   • Confidence will increase as Cloud Computing evolves and mainstreams (lifecycle)
   • Hype reduces over time
   So don’t rush… think and do it right.

25. Cloud Security Alliance Call to Action
   • Discussions & announcements on LinkedIn
   • Join us, help make our work better
   • Other research initiatives and events being planned
   Contact:
   • www.cloudsecurityalliance.org
   • info@cloudsecurityalliance.org
   • Twitter: @cloudsa, #csaguide
   • LinkedIn: Cloud Security Alliance group, www.linkedin.com/groups?gid=1864210