cloud computing panel - nycla

© 2010 Raj Goel [email protected] | 917.685.7731 1

Brainlink International, Inc.IT Management & Solutions

Chief Technology OfficerBrainlink International, Inc.

Head In The Clouds? Implications of Cloud Computing Head In The Clouds? Implications of Cloud Computing Public ForumPublic Forum

Raj Goel, CISSPRaj Goel, CISSP



First Cloud Application?First Cloud Application?

Voicemail

- Similarities to clouds today

- What have we learned from the history of Voicemail that might apply to clouds?



The “Voicemail Cloud” Killer AppThe “Voicemail Cloud” Killer App

Where is your voicemail stored?

Do you know? Do you care?

Tired: Voicemail as attachment

Wired: Voicemail as trans*!@&#!cription



Are you Googling Your Privacy Away?Are you Googling Your Privacy Away?

http://www.brainlink.com/news/138/24/Is-Your-Company-Googling-its-Security-and-Privacy-Away-Raj-Goel-investigates.html

https://www.box.net/shared/9gl5t6pi5p



Pre-cursor to the Internet CloudPre-cursor to the Internet Cloud

GeoCities

- Similarities

- Lessons learned



Could DiddyCould Diddy

Google

- Google Search

- Gmail



Modern CloudsModern Clouds

Amazon AWS, StrataScale, IBM, etc.

Saas?

RackSpace?

Joe’s Cloud-in-a-can?



Business Continuity ChallengesBusiness Continuity ChallengesClouds have better uptime than internal

servers

But…

Where’s your backup when the cloud runs dry?



Facebook your country's security away...Facebook your country's security away...

Farce of the Facebook spy: MI6 chief faces probe after wife exposes their life on Net

“ MI6 faced calls for an inquiry last night after an extraordinary lapse of judgment led to the new head of MI6's personal detailsbeing plastered over Facebook.

Millions of people could have gained access to compromising photographs of Sir John Sawers and his family on the social networking website. ...“

http://www.dailymail.co.uk/news/article-1197757/New-MI6-chief-faces-probe-wife-exposes-life-Facebook.html



Business Continuity ChallengesBusiness Continuity ChallengesMost clouds are digital roach motels.

- Migrating data – somewhat easy

- Migrating applications or functionality?



Regulatory and Liability ChallengesRegulatory and Liability ChallengesUse Gmail/YahooMail/etc. for email

- HIPAA, PCI, Red Flag violations?

- How do you subpeona gmail?

- Perform eDiscovery?



Regulatory and Liability ChallengesRegulatory and Liability ChallengesUse MS HealthVault, GoogleHealth

- HIPAA violations?

- How do you correct errors?

- Same process as Credit Bureaus (TRW, Equifax, etc)

See the Google Health Presentation at http://www.brainlink.com/raj_speaks.html



Regulatory and Liability ChallengesRegulatory and Liability ChallengesWho is responsible for security of data?

Freezing data or apps in case of litigation hold?

Chain Of Custody?



Crystal BallCrystal BallClouds are here to stay

Will take years to define what it really means

New name for old game – managed hosting, outsourced IT, etc.

Law is 10 years behind the technology



Next StepsNext StepsDetermine where the cloud makes sense in your

business.

- Don’t throw corporate jewels in the cloud (yet)

- Don’t ignore clouds – they add competitive value

- Ensure IT, Compliance and Business Continuity/Disaster Recovery are on the same page



Raj Goel, CISSP, is an Oracle and Solaris expert and he has over 20 years of experience in software development, systems, networks, communications and security for the financial, banking, insurance, health care and pharmaceutical industries. Raj is a regular speaker on HIPAA, Sarbanes-Oxley,PCI-DSS Credit Card Security, Information Security and other technology and business issues, addressing diverse audiences including technologists, policy-makers, front-line workers and corporate executives.

A nationally known expert, Raj has appeared in over 20 magazine and newspaper articles worldwide, including Entrepreneur Magazine, Business2.0 and InformationWeek, and on television including CNNfn and Geraldo At Large.

Raj has been published in Informatiion Security Magazine and Commercial Property News.

[email protected] 917-685-7731

www.brainlink.comwww.linkedin.com/in/rajgoel



Audience QuestionsAudience QuestionsWhat is Google Scanning?

Can they scan what’s in my GoogleDocs?

(This is what I think the questioner said. Audio pickup was muffled)



Audience QuestionsAudience QuestionsI heard Google’s head of privacy say that they

can’t tell where the information is stored. They say they can’t delete information.

Why can’t they do that? I think that’s a lie.




Audience QuestionsAudience QuestionsI heard they [Google] don’t delete data is so they

can analyze the logs.




Panel DiscussionPanel DiscussionProblems with data leakage;

How data collectors are selling data and metadata to law enforcement.



Audience SuggestionAudience SuggestionYou can protect yourself by encrypting data.

Response:

How metadata analysis defeats privacy settings and encryption.



Audience QuestionsAudience QuestionsWhat are the risks in Multi-tenancy

environments?

e.g. Websites on a shared server,

virtual servers on a shared server,

Servers in a colocation facility




Raj Goel, CISSP, is an Oracle and Solaris expert and he has over 20 years of experience in software development, systems, networks, communications and security for the financial, banking, insurance, health care and pharmaceutical industries. Raj is a regular speaker on HIPAA, Sarbanes-Oxley,PCI-DSS Credit Card Security, Information Security and other technology and business issues, addressing diverse audiences including technologists, policy-makers, front-line workers and corporate executives.

A nationally known expert, Raj has appeared in over 20 magazine and newspaper articles worldwide, including Entrepreneur Magazine, Business2.0 and InformationWeek, and on television including CNNfn and Geraldo At Large.

Raj has been published in Informatiion Security Magazine and Commercial Property News.

[email protected] 917-685-7731

www.brainlink.comwww.linkedin.com/in/rajgoel

cloud computing panel - nycla

Documents