cloud security boundaries
DESCRIPTION
Here is a quick presentation of ideas I used for a job interview last year.TRANSCRIPT
![Page 1: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/1.jpg)
Corporate IT Systems & Services
Richard | Diver 16th June 2011
…to the Cloud
Security considerations for migrating
![Page 2: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/2.jpg)
Cloud computing: security
Computer Security
Network Security
Information Security
People
Technologies
Process
![Page 3: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/3.jpg)
Boundaries
We are moving the boundaries of security, administration,
responsibility, and scalability
![Page 4: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/4.jpg)
Boundaries
![Page 5: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/5.jpg)
Security concerns with current trends in IT:
Flexibilityusers want more control over where they work, how and when. Data in the cloud is easier for them to access than connecting to the corporate network, and cheaper for the company too.
![Page 6: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/6.jpg)
Boundaries
![Page 7: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/7.jpg)
Security concerns with current trends in IT:
New devices & BYO
with consumerisation of IT we are seeing new device types enter the market, which themselves may not be secure, certainly not as secure as your corporate managed Windows 7 clients.
![Page 8: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/8.jpg)
Boundaries
![Page 9: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/9.jpg)
Does all the data stay in your datacentre, or is it replicated to the clients?(email, documents etc)
How good is your security? Really!
![Page 10: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/10.jpg)
Boundaries
![Page 11: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/11.jpg)
What do we care about most?
integrity vs. confidentiality vs. availability
• With hosted solution, physical security increases, as does operational efficiency. Requirement for deep skills in servers, network and storage are decreased
• This leaves your own team to focus on business support activities, providing the services critical to keeping the business driving forwards.
![Page 12: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/12.jpg)
Secure Your Cloud Architecture: Step-by-Step
1. Establish service-oriented architecture (SOA) to ensure that we can safely relocate each component
2. Use federated identity management to ensure every user is known at every point in the cloud
3. Assign roles and other attributes to each user to verify data-access claims
4. Assign access-control rules to applications and data that can move with them to the cloud
5. Authorize access to applications and data based on verified user-access claims
![Page 13: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/13.jpg)
In summary we need to:
• Identify the stages of our Information Lifecycle
• Clearly define roles and responsibilities, create Data Governance policies
• Understand the benefits and the true costs, legal & compliancy implications and risks
• Rethink our security policies to cover new aspects of IT
• Partner with the right service providers, that we can trust
• Use the Cloud service to increase organisational security and resilience
OUR data, our responsibilityeven when in the cloud!
![Page 14: Cloud security boundaries](https://reader036.vdocuments.net/reader036/viewer/2022081401/55877613d8b42a736f8b466e/html5/thumbnails/14.jpg)
Questions?