Security, Privacy and Risk Standards of Operating in the Cloud
Transcript of Security, Privacy and Risk Standards of Operating in the Cloud
Harvesting Cloud Benefits – Room 13b
Reshaping IT Security, Privacy and Risk Standards of Operating in the Cloud
David Robinson
Chief Security Officer and Director, Information Security Business Unit
Fujitsu UK & Ireland
12:30 h
Security in the Cloud
David Robinson
CSO UK&I
Dir Information Security Business Unit
© Copyright 2011 FUJITSU
What do we expect “Security in the Cloud” to be?
What is “cloud” and what makes us nervous about using it?
What is “Cloud”?
“A flexible, scalable, pay-per-use model for the way IT services are delivered and consumed” – Fujitsu White Book of Cloud Adoption
Three scenarios:
- Using pre-existing Cloud services
- Migrating Enterprise services to the Cloud
- Cloud being used as part of the delivery mechanism
Barriers to cloud adoption that we see
Security and performance issues are at the top of the lists of concerns raised by organisations:
- Regulatory and compliance issues
- Loss of local control
- Vendor lock-in
- Lack of upgrade control
- Fallback and recovery
Questions we encourage asking
What is the country of operation?
- Need to be very sure about country of operation
- Must ensure legal and regulatory compliance
- Compliance has to be maintained
- Threat profile in country needs to be understood
- Location of data
- Location of support and management services
Who gets into the cloud?
- Our users
- Support staff
- Other customers
- Anyone else?
What happens when something goes wrong?
How does it work?
Fujitsu’s approach and experience
The way we build our services
Fujitsu approach
Choose the best Cloud for you
- On premises
- private infrastructure in data centre
- shared community infrastructure
- public infrastructure
Different levels of assurance
- Precision in infrastructure design
- Care in process implementation
- Subject to external review
Different kinds of clouds… and the glue that holds them together
Consultancy
- Matching workload characteristics to appropriate IT resources.
Private Cloud
- Designed for single enterprise
- Internal shared resources
- IT organization sells services to rest of company
- On site or off site
- Outsourced or in-house management
- Customization allowed
Community Cloud
- Designed for members
- Resources shared safely among group members (individual, gov or businesses)
- Customized for specific business need
Public Cloud
- Designed for general market
- Open to all
- Resources shared safely among group of companies
- Very little customization
Hybrid Cloud
- Both public and private resources
- Utilizes best capabilities from public and private to meet business needs
- Allows for bursting to public cloud
- On-site or off-site
End to End Service Management for Enterprise Cloud
Cloud security considerations
The Barriers discussed earlier map onto:
- Governance and enterprise risk management
- Data residency and jurisdiction
- Compliance and audit
- Access control
- Shared resources and data segregation
- Security incident management
- Physical security
- Privileged users
- Continuity Services
- Data disposal
Where are we now?
- Security measures that are commensurate with the risk
- No longer single level
- Cloud requires and enables a more profiled approach to security
- What can and cannot live in the cloud?
- Would you trust putting anything into the cloud?
- What would you take from the cloud?
- What constrains us?
Security qualities of different cloud types

| | Private | Community | Public | Hybrid |
|---|---|---|---|---|
| Governance and enterprise risk management | 3 | 3 | 1 | 2 |
| Data residency and jurisdiction | 3 | 2 | 1 | 2 |
| Compliance and audit | 3 | 2 | 1 | 2 |
| Access Control | 3 | 2 | 1 | 1 |
| Shared resources and data segregation | 3 | 3 | 1 | 2 |
| Security incident management | 3 | 2 | 1 | 2 |
| Physical Security | Dependent upon service | Dependent upon service | Dependent upon service | Dependent upon service |
| Privileged Users | 3 | 3 | 1 | 2 |
| Continuity Services | Dependent upon business needs | Dependent upon business needs | Dependent upon business needs | Dependent upon business needs |
| Data disposal | 3 | 3 | 1 | 2 |
The areas Fujitsu focuses on
- Service and Management – how the service operations function to deliver an overall approach to governance, risk and compliance, incident management and the provision of audit services.
- Network – the configuration of the network services to deliver separation and isolation of clients’ connections from their location to the service payloads in the data centre.
- Compute – the arrangements to provide isolation between customer capsules and management blocks.
- Storage – the methods and approaches for segregating and protecting the storage assets.
- Physical – a rigorous approach to the physical security aspects of the service.
Security defence in depth in the cloud
Summary
- Security is still high on the agenda
- Not everything is suitable for the cloud
- Cloud presents new ways of working
- We can help you understand and develop your approach
- We have the expertise to advise
- Work with you as a partner
- We have Cloud infrastructure available right now, not just slideware!
Questions