OCDA U: SECURITY DATA PROTECTION

Matt Lowth (NAB)Ian Lamont (BMW)

®

AGENDA

2ODCA Data Security 2013 |

Topic

Discuss

Learning

Cloud Data Security

- Usage Scenarios- Data Security Challenges- Data Security Lifecycle

Learnings andTake-aways from this UM

TOPIC & UM BACKGROUND

The ODCA Contributor organizations have created this Usage Model to collaboratively identify ways in how they agree cloud data security should be managed, and so as to provide this as a clear message to the Cloud and Solution Providers, and to share with the general public

The Data Security UM addresses:

1. Concept2. Important enabling elements3. Usage Scenario’s4. Categorization of service

qualities in context of the UM

3ODCA Data Security 2013 |

UM CORE – KEY ELEMENTS

4

Different Security Methodology.Protecting the data versus protecting your perimeter?

Important to understand what you’re protecting?

Options to lower the sensitivity of the data by masking or encrypting it?

Ensure access and management of your data is logged and monitored.

Data Security Challenges

Data Classification

Data encryption &

masking

SIEM

ODCA Data Security 2013 |

COMMON ACCESS TYPES

5ODCA Data Security 2013 |

DATA SECURITY – USAGE SCENARIOS

6

What to think about before you move your data to the cloud?

How to get your data to the cloud.

How to access your data in the cloud.

How to Backup/Restore information from the cloud OR delete your data when you’re finished using it.

Transfer Preparations

Data Transfer

Data Access

Other Scenarios

ODCA Data Security 2013 |

KEY TAKEAWAYS FOR THIS UM

7

Your data is only as secure as your weakest link.

You need to consider what protection is necessary throughout your data’s lifecycle, not just protecting the information in transit.

Where does your data live?

It is difficult to apply appropriate protection to your data if you don’t understand the data’s sensitivity.

Develop Securely

Data Lifecycle

Data Sovereignt

y

Understand Your Data

ODCA Data Security 2013 |

KEY INDUSTRY ACTIONS (STANDARDS AND MORE)

8

Data security must comply with country-specific legal requirements. These requirements and their implications need to be clearly comprehended by providers and subscribers.

Are requested to submit input on the proposed data security criteria for the various assurance levels (Bronze, Silver, Gold, and Platinum).

Should examine their enterprises and understand the data security life cycle; then they should validate their findings by comparing them to the RFP questions.

Industry Wide

Cloud Provider

Cloud Subscriber

ODCA Data Security 2013 |

INFORMATION AND ASSETS

9

Available to Members at: www.opendatacenteralliance.orgURL for Public content: www.opendatacenteralliance.org

StandardizedResponse Checklists

Accelerate TTM

Shared Practices Drive Scale

Streamlined Requirements

Accelerate Adoption

ODCA Data Security 2013 |

QUESTIONS

10

www.opendatacenteralliance.org

UM: Cloud Data SecurityFrom engagement to real adoption and implementation

ODCA Data Security 2013 |

© 2013 Open Data Center Alliance, Inc. ALL RIGHTS RESERVED.