The Cloud Cube
The Benefits of the Clouds or Avoiding The Cloud Trap!
Adrius42
Recording some of the Jericho Forum thinking as it is Thunk!
Then decide to which type of Cloud you want to move?
FIRST CLASSIFY YOUR DATA!!! Determine what rules MUST apply to it.
Must it only exist in specific trust levels? For example can it leave Europe?
Does it have to stay in Safe Harbours? Must it stay in Europe?
We need a universal data classification model that is simple (cf G8 TLP)
We need a recognised trust level standard for all aspects of computing
We need standardised meta data that signals to “cloud security” the data’s security needs
Then decide do you want to move to the Clouds
To Cloud or Not to Cloud?
Clouds
Traditional
Then decide what data you want to allow in the Clouds
With what degree of translucency
For all Clouds are not equal...
Fully automated Data Redundancy
Fully automated Disaster Recovery
Fully automated Data Backup and Recovery
Massively Scalable
Fully automated System Redundancy
Full on Clouds this way >>>>>
<<<< Same old Traditional Approach
Self owned Disk Storage: Data Redundancy ...sometimes
Warmish Back up Data Centre for Disaster Recovery; significant switching impact and testing costs
Tapes sent by Truck: Data Backup and Recovery, variable risk
Manual System Recovery
Then decide what level you want to operate in the Clouds
Cloud Layers
Process
Software
Platform
Infrastructure
Outcome / Value
Abstraction occurs here!
1st
2nd
3rd
Last!
Orchestration
Security and IdAM
Then decide to which form of Cloud you want to move
Cloud Forms
Internal
External
Cloud Forms
Proprietary
Open
Cloud Forms
Proprietary
Open
Internal
External
Cloud Forms
Perimeterised
Deperimeterised
To get through here you need a Collaboration Oriented Architecture and the Jericho Forum Commandments
Cloud Forms
Perimeterised
Deperimeterised
Proprietary
Open
Internal
External
We need inter cloud “IPI” standards... especially those that enable Collaboration.
IPI = “Information Programming Interface”
There has to be a better name!!!
Cloud Patterns
Perimeterised
Deperimeterised
Proprietary
Open
Internal
External
Recognise some pathways between Clouds will be easier to enable than others!
Cloud Patterns
Perimeterised
Deperimeterised
Proprietary
Open
Internal
External
...and “then” ensure the controls you require are available in the Clouds... ...Oops!!!
You mean “Cloud Security Central” doesn’t exist?
Cloud Layers
Process
Software
Platform
Infrastructure
Outcome / Value
Abstraction occurs here!
1st
2nd
3rd
Last!
Orchestration
Security and IdAM
Cloud Maturity Scale
We haven’t even identified all the needs yet.
Bread Crumb Detector
Bread Crumb Hoover
Cloud Identity Services and their Providers
What about Trust Levels?
Proposed Individual Trust Levels

Trust Level | Intent | Impact | Trust Level Label | Authentication Activity | Physical World equiv
------------|--------|--------|-------------------|-------------------------|---------------------
T0 | Stay Unidentified | None | Anonymous | None | -
T1 | Self Assertion* | Insignificant | Self Asserted | None | Pseudonym
T2 | Proof of Identity | Minor | Document Verified | Authenticated: Name, Address, Age | Proof of Abode, Electricity Bill
T3 | T2+ Ability to Commit / Pay | Major | Legally / Financially Verified | Authenticate Credit Worthiness and Payment Method | Credit Card
1Pay* | Ability to Pay a single transaction | Varied | Single use Financially Verified | Authenticate Credit Worthiness and Single Use Payment Method | Cash
T4 | T2+ Gov Id | Material | Government Verified | Government | Passport
T5 | Protect Lives | Catastrophic | Military Grade | Positive Vetting | Security Clearance

*1Pay: Can be appended to any Trust Level