cloud security: trust and transformation
DESCRIPTION
Common concerns regarding cloud security are increasingly being recognized as speculative cases, compared to the reality of how IT governance often fails in traditional on-premise environments: failure modes that the cloud model greatly offsets.
TRANSCRIPT
Trust and Transformation: The Compelling Case for the Cloud
Peter Coffee
VP / Head of Platform Research
salesforce.com inc.
Culture & Education
Political Campaigns & Advocacy
Economic Development
Defense & Public Safety
Health & Human Services
General Government
Transportation
Science & Environment
Public Clouds of Public Trust: The End of ‘Forbidden Zones’
Cloud Objections Are Being Addressed
Security: American Bankers Association blog says an enterprise
should “verify that any outsourcing partner meets its standards.
However, once verified, a cloud partner can actually provide
greater security.”
Capacity / Availability:
– Overall service portfolio routinely exceeds 600M transactions/day
– Availability routinely > four 9s, converging on 24 × 365 operations
Compliance: United States’ National Institute of Standards and
Technology says cloud-resident data “can be more available, faster
to restore, and more reliable… [and] less of a risk than having data
dispersed on portable computers or removable media.”
Best Practices Matter More than Data Location
"There are five common factors that lead to the compromise of database information":
• ignorance
• poor password management
• rampant account sharing
• unfettered access to data
• excessive portability of data
DarkReading.com, October 2009
Trusted Advisors Recommend the Cloud
Potential benefits from transitioning to a public cloud computing environment:
• Staff Specialization
• Platform Strength
• Resource Availability
• Backup and Recovery
• Mobile Endpoints
• Data Concentration
Password security policies
Rich Sharing Rules
User Profiles
SSO/2-factor solutions
Login… Authenticate… Apply Data Security Rules… View Filtered Content
Force.com was designed from Line 1… to be “Shared and Secure”
Granular Privilege Assignment + Expanding Ecosystem of Management Tools
All Assets Secured, All the Time
Despite resource sharing, multitenancy will often improve security. Most current enterprise security models are perimeter-based, making you vulnerable to inside attacks. Multitenant services secure all assets at all times, since those within the main perimeter are all different clients…
Multitenancy is here to stay. Our research and analysis indicates that multitenancy is not a less secure model — quite the opposite!
Data protection regulations
– Where can it be stored?
– Who’s allowed to see it?
Peel the onion of ‘compliance’
– Anonymize/encrypt/partition specific fields
– Cloud disciplines can enhance auditability
• Role-based privilege assignment
• Actions taken using granted privileges
Looking beyond the FUD
– USA PATRIOT Act sometimes causes concern about powers of US government to access data
– Limited to information-gathering related to matters of urgent national security
– Use of USA PATRIOT Act requires involvement by all three branches of the US government
– Many other countries, including in Europe, have very similar powers
Data Stewardship is a Practice, not a Technology
Trust is Earned by Transparency
Continued Availability Improvement
Winter ’12 release: downtime reduced to 2 hours
Further reduction of maintenance downtime in FY13
“Great work reducing the pain of the quarterly upgrade so dramatically. The difference to our business between 2 or 3 minutes of downtime and 2 or 3 hours can’t be overstated.”
[Chart: Spring ’11, Summer ’11, Winter ’12]
What is the organization’s mission?
What information supports that mission?
Where does it originate?
Who holds it?
Who can see it?
What events change it?
When is that important?
How do people know?
How can people act?
These are not new questions: NSA IAM introduced 2004
Becoming ‘Securely Social’
Robust infrastructure security
Rigorous operational security
Granular customer controls
– Role-based privilege sets
– Convenient access control & audit
“Sum of all fears” superset protection
– Multi-tenancy reduces opportunities for error
– The most demanding customer sets the bar
– FISMA: FIPS 199 LOW and MODERATE
– PCI DSS Compliance Level 1
– Comprehensive and continuing audit and certification
Trust is Essential Enabler for Cloud Adoption
Peter Coffee
VP / Head of Platform Research
[email protected]/peter.coffee
twitter.com/petercoffee
cloudblog.salesforce.com