are there risks in the cloud? cloud telephony€¦ · cloud telephony. dion kotteman introduction...

Are there risks in the Cloud?

• Dion Kotteman

• Executive Advisor Ministry of Finance• Former CIO Dutch Central Government

• Rotterdam, 29th of September 2015

1

Cloud telephony

Dion Kotteman

Introduction

Dion Kotteman Security and Cloud Computing

2

• Member of the Steering Board of the European Cloud Partnership

• Former CIO of the Dutch Government

• Author of management books


Content• - The Euopean view• - What is it and what sort of risks are we talking about?• - What risks are in the hearts and minds? The psychology.• - A Dutch example

The Cloud in Europe• Steering board of the European Cloud Partnership (EU)

• For citizens, public administrations and businesses• “4 million jobs by 2020”• Goal, amongst others : better security!• Through the Trusted Cloud Europe Framework• To digital leadership• A new paradigm is SHARING: e.g. scientific research by sharing

data through the cloud, and multiplying the relevance.


Reasons for Cloud Computing• Cloud as an enabler for economic growth• Like for SME’s (small businesses) get cheap access to high

performance IT solutions• Reduce capital spending: pay for what you use• And (!) security.


The Dutch Cloud Strategy ->

What is it?

• Cloud = delivering IT Services from linked computers, without identifying them technically.

• That means:• A full service delivery concept • Pay-per use (makes it cheaper)• Quick time to market (easy scalability)• Virtualisation techniques, distinguishable layers of infrastructure,

platform and software as a service, The technoloy has to be perfect: high availability and highly reliable

• It is disruptive technology, and here to stay• Some call it the Third Industrial Revolution


Related• Big Data• Internet of Things• Disruptive technology• It won’t go away, so be prepared• Patriot Act


Riscs• The cloud comprises riscs³:• Elements:

1. computer2. network3. information

•. Due to virtualisation this is integrated and tripled!•. The user fully relies on the provider, but through scale he can be

more professional than you on your own.


B

ITIT

ITBB

Business – IT alignement


Security developments• Compare the car industry: trial and error


Cloud is also psychology!• A perceived vulnurability of data in the cloud (report steering

board)So: • How safe is your present datacentre? • What is the pre-cloud security policy?• Do your employees send data home, and how?• The feeling: where are my data?• Are your data mixed up with other data?


Dutch Example• Coupling datacentres• Using existing datanetworks, Patchwork approach.• Security as a high priority• Reducing costs• Low project costs


From 64 to 4 datacentres• Central governments four new data centres and network

connectivity together form the foundation of the Central Government Cloud


Integrating existing programmes into the Cloud

1.Changing 64 datacentres to 42.The path is gradual: ->housing, -hosting, rationalisation. IAAS as a

first move. A psychological approach3.Infra structure upgrade

•. The “cloud” is the backbone + points of presence, growing.


LEGACY and specific

CLOUDSPECIFIC

CLOUD GENERIC

Central Governemental

Cloud

Strategy per segment, enabling gradual growth.


Measures• IAM must be organised as a pre condition• Physical security must be up to date (by taking advantage of the

scale)• Personnel security• Masking privacy data• Data recovery• Audit trails• Compliance

• But: fairly straight forward!


are there risks in the cloud? cloud telephony€¦ · cloud telephony. dion kotteman introduction...

Documents