ETSI - Standards in the cloud
Mobile internet and cloud computing
Senior Director, Europe Technical Sales
Adam Heywood
Presenter Biography: Adam Heywood
Adam Heywood is Senior Director of Technical Presales for CA Technologies’
security management business in EMEA. Adam has worked in the enterprise IT
infrastructure marketplace for over 25 years; most recently he joined CA
Technologies through the acquisition of Netegrity, and he has over 12 years’
experience in the IT security management marketplace. Internally to CA, Adam
provides detailed and trusted input to the development and product
management organisations, influencing solution directions and plans. Adam
also plays an active role in supporting CA Technologies customers and is able
to provide honest and constructive input at many levels, from business
requirements and drivers, through solution propositions, to technology
details. Adam acts as a trusted advisor to many Fortune 100 companies and
public sector agencies around their security strategy and technical
architecture.
Event/Workshop background…
As for all major technology shifts, Cloud computing offers a vast array of opportunities and poses a number of
questions, from policy, technology, business and usage perspectives.
— The technology shift ('ubiquitous computing') poses the questions of new value chains and respective roles
of market players both in the infrastructure segment as well as for the applications/services segments;
— The markets currently shaping up pose questions with regards to policy, regulation and standards: how to
best enable the emergence of new ecosystems, support innovation while ensuring an adequate level of
interoperability and consumer protection?
The borderless nature of the cloud ('where is the data?') poses questions with regards to data security, data
privacy, jurisdictions and liability.
Standards are only part of the equation, but an essential one, because they contribute to creating an
interoperable environment of transparency, reliability and accountability and ultimately confidence for all the
agents in the process of cloud adoption. Yet cloud computing standards also need to take into account policy
and regulatory requirements, which add to the challenge for all stakeholders involved in the process.
The EU and the US are both engaged in large scale efforts to devise standards for cloud computing be it at
infrastructure, service or application level.
In order to support this dialogue, an EU-US event on standards for cloud computing is co-organized by the EC
and ETSI in partnership with NIST, EuroCIO and Eurocloud.
Copyright © 2011 CA. All rights reserved. October 3, 2011
Event/Workshop goals…
GOALS OF THIS WORKSHOP
— Drill down the issues of standards for cloud computing from 3 major angles
* Policy
* Industry and markets (supply and demand side)
* Standards and interoperability
— Gather elements to devise a standards roadmap for EU, including priorities, players and processes
EXPECTED OUTCOMES AND DELIVERABLES
— Inventory of major policy issues and their impact on standards-making
— Inventory of Industry agenda/requirements
— Mapping of existing standards landscape
— Next steps and priorities for an EU/US cooperation on cloud standards
WHO SHOULD ATTEND?
— Policy makers
— CIOs ITC industry and service companies
— Standardization strategists
— Business development leaders
— Public Affairs managers
12-15 Minute speaking slot on “Mobile internet and cloud computing” in
Stream #2 Services and Applications
Event/Workshop location…
The meeting will take place at CICA
2229, route des Crêtes
06560 Valbonne Sophia Antipolis
France
Access map
Abstract
Mobile internet and cloud computing
Clearly cloud computing has arrived; impeding its adoption are concerns
about security, and more specifically identity & access management: who
owns the identity, how is it trusted, what can the identity access, etc. Another
clear trend is consumerisation and mobile computing: access devices are no
longer managed and wholly trusted, but their use needs to be allowed,
understood, and controlled.
Is traditional Identity and Access Management still relevant and sufficient to
meet the demands of mobile internet and cloud computing? This
presentation is intended to discuss these challenges and pose potential
opportunities to address them.
I am going to discuss the elephant in the room…
Cloud Security
Cloud adoption concerns: *87.5% rate cloud security issues as “very significant”
* IDC Survey
#1 area that needs focus for migration to the Cloud? Identity and Access Management (IAM)!
The top five critical areas of focus for organizations migrating to
the cloud environment (important & very important responses
for US and Europe combined):
— Identity and access management: 50%
— Business continuity and disaster recovery: 47%
— Procedures for electronic discovery: 46%
— Compliance and audit: 40%
— Encryption and key management: 39%
Source: Security of Cloud Computing Users – A Study of US & EMEA IT Practitioners, Ponemon Institute.
Why is Identity and Access Management (IAM), cloud and mobile access more important than ever?
— SaaS Adoption: Nearly 90 percent of organizations surveyed expect to maintain or grow their usage of software as a service (SaaS), citing cost-effectiveness and ease/speed of deployment.
— Customer Confidence: Over 70% of people surveyed believe authentication affects the degree of customer trust in the security offered.
— Mobile Workforce and IT Consumerisation: By the end of 2013 mobile worker population is expected to exceed 75% and to 1.19bn globally. Tablet PCs will outsell Netbooks and Desktops by 2013 (iPads outsold Macs by 2 to 1 in 2010 – 2011).
— Increasing eCrime: More than 11 million adult consumers became victims of identity fraud in 2009, up from nearly 10 million in 2008. The number of fraud victims rose for the second year in a row.
— Regulatory Pressures: Organizations that regularly review and maintain regulatory and standards compliance spend about three times less annually than organizations that fall out of compliance.
— Information Explosion: Cloud data volumes are increasing exponentially at a factor of x250 per annum.
What do we really mean by Identity and Access Management in a
mobile internet and cloud computing context?
Is ‘Identity and Access Management’ sufficient for mobile Internet and cloud computing?
Identity Management: who are you? Do we trust you? Do we believe it is you this
time? Does each provider need to have its own identity
data/context?
Access Management: to what? To allow access, does this mean we need to have
your identity? Do we need to understand where you are? Do
we need to understand what device you are using?
Can Identity and Access Management deliver what is required of
mobile Internet and cloud computing?
IAM typically does not take into consideration geo-location/context, or the
content of what is actually being accessed.
Identity and Access Management for mobile Internet and cloud computing questions…
— Is ‘Identity management’ in a cloud context sufficient?
− Does each provider need to maintain identity data? What about geo
data compliance?
− Can identity, credentials, location and device be represented by a ‘level of
trust’ (risk score)?
— Is access management for access to a cloud resource still
relevant?
− At a coarse level possibly
− However, the content of what is being accessed is probably more
important than where it is located.
— Can management of Identity and Access be abstracted across
all environments and providers?
Identity and Access Management for mobile Internet and cloud computing, a possible answer…
Consider building security frameworks/guidelines/standards:
1. for how identity/context trust is derived, where appropriate leveraging
other trust frameworks, including
− Device
− Identity
− Credentials used
− Geo location
− Etc…
That defines level of trust - Risk
2. for how content of what can be accessed is classified - Classification
These tools allow the definition and management of policies that specify
that to access content classified as ‘Secret’ the level of trust has to be greater
than or equal to ‘Security cleared’.
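The policy model outlined above, as an added example that is not part of the original presentation: context signals (device, identity, credentials used, geo location) are combined into a level of trust, and access is allowed only when that level is greater than or equal to the minimum required by the content's classification. The signal names, point values, thresholds and every label other than ‘Secret’ and ‘Security cleared’ are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Trust(IntEnum):          # ordered levels of trust; labels other than
    UNTRUSTED = 0              # SECURITY_CLEARED are assumed
    BASIC = 1
    VERIFIED = 2
    SECURITY_CLEARED = 3

# Minimum trust per classification; only 'Secret' comes from the slide.
REQUIRED = {"Public": Trust.UNTRUSTED, "Internal": Trust.BASIC,
            "Confidential": Trust.VERIFIED, "Secret": Trust.SECURITY_CLEARED}

@dataclass(frozen=True)
class Context:
    device_managed: bool       # device is enrolled/managed by the organisation
    identity_proofed: bool     # identity vouched for by a trusted provider
    credential: str            # "password", "otp" or "hardware_token"
    geo_allowed: bool          # request originates from a permitted region

CREDENTIAL_POINTS = {"password": 1, "otp": 2, "hardware_token": 3}  # assumed

def trust_level(ctx: Context) -> Trust:
    """Derive a level of trust (the inverse of risk) from context signals."""
    if ctx.credential not in CREDENTIAL_POINTS:
        return Trust.UNTRUSTED             # unknown credential type: fail closed
    score = CREDENTIAL_POINTS[ctx.credential]
    score += 2 if ctx.device_managed else 0
    score += 2 if ctx.identity_proofed else 0
    if score >= 7:
        level = Trust.SECURITY_CLEARED
    elif score >= 4:
        level = Trust.VERIFIED
    else:
        level = Trust.BASIC
    # Geo location acts as a cap, not a bonus: outside permitted regions
    # a request never exceeds BASIC, whatever else is presented.
    return level if ctx.geo_allowed else min(level, Trust.BASIC)

def may_access(ctx: Context, classification: str) -> bool:
    """Allow only if derived trust >= the minimum for the classification."""
    required = REQUIRED.get(classification)
    if required is None:
        return False                       # unclassified content: deny by default
    return trust_level(ctx) >= required
```

Treating geo location as a ceiling rather than one more additive signal keeps a strong credential from compensating for a request that originates where the data may not go.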
Questions…