Post on 15-Sep-2015
This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. 2011 Gartner, Inc. and/or its affiliates. All rights reserved.
Felix Enescu
Cloud Security Trends Hype Cycle 2012
Hype Cycle Methodolgy
1
Hype Cycle for Cloud Security, 2012
Priority Matrix for Cloud Security, 2012
Three Styles of Securing Public/Private Cloud
Public Cloud
Private Cloud
Low Medium High
Security built into VM is used
Accept vendor security claims
Third-party security running on VM is used
Certification/ accreditation of system
Security is performed outside the VM
Security product certification
Security built into cloud is used
SAS 70 sufficient
Third-party security running in cloud is used
Custom/industry security assessment
Security is performed outside the cloud
No trust of the cloud
Security "Pressure"
Trust of the Cloud
Use Security Built Into the Cloud
Public Cloud
- Certification/assessment
SAS 70 is minimum gate, ISO 27001, FISMA
Community standards/shared assessments
- Security overlays
Private Cloud
- Virtualization infrastructure security features/acquisitions
- Common Criteria certification
Use Security Running in Cloud
Public Cloud
- Security workloads
- Native cloud security breakthroughs
- Hybrid models
Private Cloud
- Virtualized security products
- Separation of duties
Keep Security Separate From the Cloud
Public Cloud
- Security as a service
- Security in the "other" Cloud telecom
- Trusted intermediaries
Private Cloud
- VMsafe API, other externalization approaches
- Virtual network integration
This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. 2011 Gartner, Inc. and/or its affiliates. All rights reserved.
Felix Enescu
Cloud Security Trends Hype Cycle 2012
This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. 2011 Gartner, Inc. and/or its affiliates. All rights reserved.
Felix Enescu
Cloud Security Trends Hype Cycle 2012