Cloud Security: Trust and Transformation

Trust and Transformation: The Compelling Case for the Cloud Peter Coffee VP / Head of Platform Research salesforce.com inc.

Upload: peter-coffee

Post on 08-May-2015


Category:

Technology



DESCRIPTION

Common concerns regarding cloud security are increasingly being recognized as speculative cases, compared to the reality of how IT governance often fails in traditional on-premise environments: failure modes that the cloud model greatly offsets.

TRANSCRIPT

Page 1: Cloud Security: Trust and Transformation

Trust and Transformation: The Compelling Case for the Cloud

Peter Coffee, VP / Head of Platform Research, salesforce.com inc.

Page 2: Cloud Security: Trust and Transformation

• Culture & Education
• Political Campaigns & Advocacy
• Economic Development
• Defense & Public Safety
• Health & Human Services
• General Government
• Transportation
• Science & Environment

Public Clouds of Public Trust: The End of ‘Forbidden Zones’

Page 3: Cloud Security: Trust and Transformation

Cloud Objections Are Being Addressed

Security: American Bankers Association blog says an enterprise should “verify that any outsourcing partner meets its standards. However, once verified, a cloud partner can actually provide greater security.”

Capacity / Availability:
– Overall service portfolio routinely exceeds 600M transactions/day
– Availability routinely > four 9s, converging on 24 × 365 operations

Compliance: United States’ National Institute of Standards and Technology says cloud-resident data “can be more available, faster to restore, and more reliable… [and] less of a risk than having data dispersed on portable computers or removable media.”

Page 4: Cloud Security: Trust and Transformation

Best Practices Matter More than Data Location

"There are five common factors that lead to the compromise of database information":

• ignorance

• poor password management

• rampant account sharing

• unfettered access to data

• excessive portability of data

DarkReading.com, October 2009

Page 5: Cloud Security: Trust and Transformation

Trusted Advisors Recommend the Cloud

Potential benefits from transitioning to a public cloud computing environment:

• Staff Specialization
• Platform Strength
• Resource Availability
• Backup and Recovery
• Mobile Endpoints
• Data Concentration

Page 6: Cloud Security: Trust and Transformation

• Password security policies
• Rich Sharing Rules
• User Profiles
• SSO/2-factor solutions

Login… Authenticate… Apply Data Security Rules… View Filtered Content

Force.com was designed from Line 1… to be “Shared and Secure”

Page 7: Cloud Security: Trust and Transformation

Granular Privilege Assignment + Expanding Ecosystem of Management Tools

Page 8: Cloud Security: Trust and Transformation

All Assets Secured, All the Time

Despite resource sharing, multitenancy will often improve security. Most current enterprise security models are perimeter-based, making you vulnerable to inside attacks. Multitenant services secure all assets at all times, since those within the main perimeter are all different clients…

Multitenancy is here to stay. Our research and analysis indicates that multitenancy is not a less secure model — quite the opposite!

Page 9: Cloud Security: Trust and Transformation

Data protection regulations
– Where can it be stored?
– Who’s allowed to see it?

Peel the onion of ‘compliance’
– Anonymize/encrypt/partition specific fields
– Cloud disciplines can enhance auditability
  • Role-based privilege assignment
  • Actions taken using granted privileges

Looking beyond the FUD
– USA PATRIOT Act sometimes causes concern about powers of US government to access data
– Limited to information-gathering related to matters of urgent national security
– Use of USA PATRIOT Act requires involvement by all three branches of the US government
– Many other countries, including in Europe, have very similar powers

Data Stewardship is a Practice, not a Technology

Page 10: Cloud Security: Trust and Transformation

Trust is Earned by Transparency

Page 11: Cloud Security: Trust and Transformation

Continued Availability Improvement

• Winter ’12 release: downtime reduced to 2 hours
• Further reduction of maintenance downtime in FY13

“Great work reducing the pain of the quarterly upgrade so dramatically. The difference to our business between 2 or 3 minutes of downtime and 2 or 3 hours can’t be overstated.”

[Chart; axis labels: Spring ’11, Summer ’11, Winter ’12]

Page 12: Cloud Security: Trust and Transformation

What is the organization’s mission?

What information supports that mission?

Where does it originate?

Who holds it?

Who can see it?

What events change it?

When is that important?

How do people know?

How can people act?

These are not new questions: NSA IAM introduced 2004

Becoming ‘Securely Social’

Page 13: Cloud Security: Trust and Transformation

Robust infrastructure security

Rigorous operational security

Granular customer controls
– Role-based privilege sets
– Convenient access control & audit

“Sum of all fears” superset protection
– Multi-tenancy reduces opportunities for error
– The most demanding customer sets the bar
– FISMA: FIPS 199 LOW and MODERATE
– PCI DSS Compliance Level 1
– Comprehensive and continuing audit and certification

Trust is Essential Enabler for Cloud Adoption

Page 14: Cloud Security: Trust and Transformation

Peter Coffee, VP / Head of Platform Research

[email protected]/peter.coffee

twitter.com/petercoffee

cloudblog.salesforce.com