2.Felix Enescu - Cloud Security v01
Click here to load reader
Transcript of 2.Felix Enescu - Cloud Security v01
-
This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. 2011 Gartner, Inc. and/or its affiliates. All rights reserved.
Felix Enescu
Cloud Security Trends Hype Cycle 2012
-
Hype Cycle Methodolgy
1
-
Hype Cycle for Cloud Security, 2012
-
Priority Matrix for Cloud Security, 2012
-
Three Styles of Securing Public/Private Cloud
Public Cloud
Private Cloud
Low Medium High
Security built into VM is used
Accept vendor security claims
Third-party security running on VM is used
Certification/ accreditation of system
Security is performed outside the VM
Security product certification
Security built into cloud is used
SAS 70 sufficient
Third-party security running in cloud is used
Custom/industry security assessment
Security is performed outside the cloud
No trust of the cloud
Security "Pressure"
Trust of the Cloud
-
Use Security Built Into the Cloud
Public Cloud
- Certification/assessment
SAS 70 is minimum gate, ISO 27001, FISMA
Community standards/shared assessments
- Security overlays
Private Cloud
- Virtualization infrastructure security features/acquisitions
- Common Criteria certification
-
Use Security Running in Cloud
Public Cloud
- Security workloads
- Native cloud security breakthroughs
- Hybrid models
Private Cloud
- Virtualized security products
- Separation of duties
-
Keep Security Separate From the Cloud
Public Cloud
- Security as a service
- Security in the "other" Cloud telecom
- Trusted intermediaries
Private Cloud
- VMsafe API, other externalization approaches
- Virtual network integration
-
This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. 2011 Gartner, Inc. and/or its affiliates. All rights reserved.
Felix Enescu
Cloud Security Trends Hype Cycle 2012
-
This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. 2011 Gartner, Inc. and/or its affiliates. All rights reserved.
Felix Enescu
Cloud Security Trends Hype Cycle 2012