security in the cloud - cips and events/cips cloud control... · • project members • business...
TRANSCRIPT
![Page 1: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/1.jpg)
Security in the Cloud Cloud Control 5 September 2013
![Page 2: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/2.jpg)
The Procurement View
Carol-Anne Stonefield
Technology Procurement Manager
Direct Line Group
![Page 3: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/3.jpg)
Topics for Today
• Why opt for cloud?
• Understanding the Risks
• Proliferation and Control
• Data and Security
• Disaster Recovery and Back-up
• Standardisation
• Capacity and Integration
• Term, Exit and Lock-in
• Reliability and Remedies
• Costs
• Conclusion
![Page 4: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/4.jpg)
Why opt for cloud?
• Speed
• Flexibility
• Easy
• During periods of change/freeze
• Avoids direct infrastructure investment
• Bypass IT
![Page 5: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/5.jpg)
Understanding the Risks
Understand what you are putting in the cloud!
![Page 6: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/6.jpg)
Proliferation and Control
• How many cloud providers do you have? Are you sure?
• Duplication
• Who has your data?
• Due diligence
• Management and administration
• Tactical (long-term) solutions
CONTROL!
![Page 7: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/7.jpg)
Data and Security
• How is the data stored?
• Who is storing the data?
• What type of data is stored?
• Where is the data stored?
• DPA, PCI and your organisation’s responsibilities
• Data retention
• Security testing and audits
• Reputational damage
![Page 8: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/8.jpg)
Disaster Recovery and Back-up
• Provider’s DR processes
• Impact of a DR event
• DR recovery times
• DR location
• Back-up frequency obligations
![Page 9: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/9.jpg)
Standardisation
One size does fit all!
![Page 10: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/10.jpg)
Capacity and Integration
• Capacity
• Understand the limits
• Capacity overload – what happens next?
• Integration
• Is it really plug and play?
• Compatibility
• Upgrades
![Page 11: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/11.jpg)
Term, Exit and Lock-in
• Choosing the right term
• Understanding the supplier’s investments
• Migration of data
• Return of data
• Exit obligations
![Page 12: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/12.jpg)
Reliability and Remedies
• Reliability and availability
• Calculating availability
• Reporting
• Service credits
• Regulatory implications
• Reputational risk
![Page 13: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/13.jpg)
Costs
• Understanding the complete package
• Volumes, users, capacity and set-up
• Committed volumes
• Flexible options
• Volume/capacity increases
• Reaching maximum capacity or volumes
• Term commitments
• Renewal fees
![Page 14: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/14.jpg)
Advice from within
You’re not alone!
• IT Security
• Information specialists
• Project members
• Business users
• CIPS papers
![Page 15: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/15.jpg)
Conclusion
Cloud solutions will continue to grow and evolve
Understand the risks
Go in with your eyes open!
![Page 16: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/16.jpg)
The Legal View
Jason McQuillen
Principal at radiant.law
+44 751 358 5596
![Page 17: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/17.jpg)
16
![Page 18: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/18.jpg)
17
![Page 19: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/19.jpg)
18
![Page 20: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/20.jpg)
19
Encryption
Penetration testing
![Page 21: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/21.jpg)
20
![Page 22: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/22.jpg)
21
![Page 23: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/23.jpg)
22
![Page 24: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/24.jpg)
23
![Page 25: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/25.jpg)
24
![Page 26: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/26.jpg)
25
![Page 27: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/27.jpg)
The art of the possible
Alex Hamilton
Principal at radiant.law
+44 7734 908 207
![Page 28: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/28.jpg)
You can have any colour….
…. as long as it’s black
![Page 29: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/29.jpg)
Private Cloud Public Cloud
£ Large/ High Leverage
£ Small/ Low Leverage
![Page 30: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/30.jpg)
Private Cloud Public Cloud
£ Large/ High Leverage
IT Outsourcing Agreement - Negotiable
Customer paper
£ Small/ Low Leverage
IT Services Agreement - Negotiable
Supplier paper
![Page 31: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/31.jpg)
Private Cloud Public Cloud
£ Large/ High Leverage
IT Outsourcing Agreement - Negotiable
Customer paper
£ Small/ Low Leverage
IT Services Agreement - Negotiable
Supplier paper
Risk analysis Supplier paper
![Page 32: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/32.jpg)
Private Cloud Public Cloud
£ Large/ High Leverage
IT Outsourcing Agreement - Negotiable
Customer paper
Negotiable Supplier paper
£ Small/ Low Leverage
IT Services Agreement - Negotiable
Supplier paper
Risk analysis Supplier paper
![Page 33: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/33.jpg)
Supplier Customer
standardisation policy requirements
![Page 34: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/34.jpg)
Supplier Customer
standardisation policy requirements
margins total cost of ownership
![Page 35: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/35.jpg)
Supplier Customer
standardisation policy requirements
margins total cost of ownership
systemic exposure material penalties
![Page 36: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/36.jpg)
Supplier Customer
standardisation policy requirements
margins total cost of ownership
systemic exposure material penalties
guaranteed revenue flexibility
![Page 37: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/37.jpg)
Supplier Customer
standardisation policy requirements
margins total cost of ownership
systemic exposure material penalties
guaranteed revenue flexibility
ability to evolve certainty
![Page 38: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/38.jpg)
Supplier Customer
standardisation policy requirements
margins total cost of ownership
systemic exposure material penalties
guaranteed revenue flexibility
ability to evolve certainty
speed to contract fitness for purpose
![Page 39: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/39.jpg)
![Page 40: Security in the Cloud - CIPS and Events/CIPS Cloud Control... · • Project members • Business users • CIPS papers Conclusion Cloud solutions will continue to grow and evolve](https://reader034.vdocuments.net/reader034/viewer/2022050518/5fa1b2e985241f1e9e6b0a4d/html5/thumbnails/40.jpg)
Panel Discussion
• Khurram Ijaz
• Carol-Anne Stonefield
• Alex Hamilton
• Anna Cook