in the cloud how to address security in the cloud
TRANSCRIPT
In the Cloud
How to Address Security in the Cloud
In the Cloud
How to Address Security in the Cloud
Panelists: Moderator – Steve Campbell, Contributing Editor HPC in the Cloud.
Managing Partner Orion Marketing
Yoram Baltinester, CEO, Balti Group Consulting David Chou, Technical Architect, Microsoft John Gormally, Client Relationship Manager, Citrix Matt Stamper, Vice President of Professional & Security Services,
Castle Access Patrick Sweeney, Vice President, Product Management, SonicWALL Jonny Wilkinson, Director of Product Management, Websense
In the Cloud
In the Cloud
Security is Everywhere
In the Cloud
Multiple Definitions of Cloud Computing
4
…but underlying characteristics remain the same
“A model for enabling convenient on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
©2010 National Institute of Standards and Technology
“Consumer and business products, services and solutions delivered in real-time over the Internet ..”
“Outsourcing part of your IT infrastructure or workflow through a web (or web-like) interface.”
In the Cloud
Why Cloud Adoption Gaining Momentum
Emerging
Intersect360 recent cloud study:•Top drivers: lower $/compute cycle, reduced infrastructure costs•Top barriers: Security, data movement, operational and managerial concerns, SLAs, security, exit costs, security, and security.
www.intersect360.com
In the Cloud
What’s Worrisome about the Cloud?
Not enough ability to customizr
Hard to integrate with in-house IT
Bring back in-house may be..
Lack of interoperability standards
May cost more
Perfromance
Availability
Security
70% 72% 74% 76% 78% 80% 82% 84% 86% 88%
Q. Rate the challenges/issues of Cloud model(scale: 1-5, 1=not at all concerned, 5=very concerned)
% responded 3, 4, 5Source: IDC Enterprise Panel
In the Cloud
Seven Deadly Sins
Top Threats
Abuse and Nefarious Use of Cloud Computing
Insecure Application Programming Interfaces
Malicious Insiders
Shared Technology Issues
Data Loss or Leverage
Account or Service Hijacking
Unknown Risk Profile
In the Cloud
Information Security - Infrastructure
Components of Information Security
Application Level
Host Level
Network Level
Information Security - DataEncryption, Data masking, Content
protection
Security Management and Monitoring Services
Monitor – Health, Security event, Threat
Management – VM Image, ACL, Vunerability, Patch, Configuration
In the Cloud
Summary / Recommendations Cloud security risks are unbiased to hosting strategies
• Gain cost and business benefits of cloud infrastructure services without compromising security
Key is managing risk in configuration, access control, network management and operational expertise
• Leverage security & application expertise of mature vendors – avoid configuring and maintenance cost
Properly managed cloud infrastructure provides better security than many enterprises
• More efficient deployment of scarce expertise• Look for layered defense based on security framework adapted
to requirements of cloud architectures
Head in the clouds, feet on the ground the business ‐side of security in the cloud
In the Cloud
In the Cloud
The Cloud FromTheory to Practice…
How to Address Security in the CloudModerator: Steve Campbell
09/23/10
In the Cloud
Thank You