Disclaimer: The scope of this paper is limited to the challenges management faces in migrating Information Technology resources to the cloud computing environment. Technical issues have intentionally been avoided; only emerging corporate governance issues are highlighted, especially those which are less discussed but likely to have a major impact on decision making by non-technocrat management.
Cloud Computing Market Size Estimates

• US Federal Government - $26.1 Billion (CAGR 40%) by 2015.
• Worldwide - $148.8 billion by 2012.
• China has recently announced launching the project “Sea of Cloud”.
• Chinese cloud computing market - 1 trillion Yuan ($154 Billion) in the next few years.
Cloud Computing

• Migration to Cloud will not be an option but a necessity
• Emerging challenges for managers
• International efforts
• Planning migration to Cloud
• Evolving assurance framework
Enabling technologies converging on cloud computing (diagram): Ubiquitous Connectivity, Virtualization, Broadband Networking, Web 2.0, Multi Tenancy, Outsourcing, Utility Computing, Clustering, Service Oriented Architecture.
“A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”
Cloud characteristics (diagram): Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security.
Cloud Efficiencies and Improvements

• Cost Efficiencies: Burst capacity; Short duration project; Cancelled or failed mission
• Time Efficiencies: Procurement to production; Any place connectivity
• Power Efficiencies: Near to generation; Reduced overhead power consumption
• Improved process control: Standardized updated base image; Centrally auditable log server; Centralized authentication system; Improved forensics
• Unlimited capacity: Dynamic use of capacity utilization
• Improved Security: Top quality security products; Top quality security professionals; Top quality security processes
CAPEX to OPEX

• Capital Expenditure on IT: Sunken cost; Depreciation cost; Obsolescence cost; IT professionals costs; Data Centre running and maintenance costs
• Actual usage cost
Source: Federal Cloud Computing Strategy, by Vivek Kundra, US Chief Information Officer
DSCI – WIPRO SURVEY
Unlike money, when data gets stolen the owner may not even know, because data can simply be copied and taken away while the original data stays unperturbed.
Solution
• Strong Identity Management
• Rigid access control mechanisms
• Log Management
Own IT department may feel threatened and thus take actions causing aversion to migration to cloud. Decommissioning / mothballing released IT assets and retrenchment of IT staff.
Solution
• Third party should undertake migration analysis
• Strong and firm management
• Must identify cost reduction mechanism at the initial stage itself
Global nature of the Internet can make life easy for fly-by-night operators. CSP has entered the business to capture the opportunity but lacks seriousness.
Solution
• Due diligence in selection of CSP
• Industry confederations have a role to play
• International ombudsman required
Organisational data may be kept in several countries, causing jurisdictional and law enforcement challenges.
Solution
• International cooperation
• Bilateral/multilateral treaties
• Coordination amongst LEAs across the globe
Law enforcement orders against one co-tenant can cause seizure of other co-tenants' data also. Law enforcement will face serious challenges: too strict a regime can hurt the industry and CSPs may just move out of the country, affecting revenue and security, while too comfortable a zone may provide a free playground to cyber criminals.
Solution
• Policies, procedures and rules by government
• Training and capacity building in police force / cyber forensic specialists / legal fraternity
Co-tenancy poses new challenges such as data overflow, side-channel attacks, remnant data recovery, and other technical and social engineering attacks.
Solution
• Continuous R&D
• Log analysis by CSP as well as user (may be by third party)
• Assurance framework and audit
CSPs are far more powerful than the cloud users, which may cause a skew in drafting and implementation of contracts.
Solution
• Policy, procedures and rules to protect the comparatively weak users (SMEs)
• Formation of cloud users confederation / group
• National and international ombudsman
Competent and expert auditor: the auditor must understand cloud technology, and must understand the complex governance and legal issues affecting migration to cloud.
Solution
• Second party audit / expert representing cloud user
• Should be included in SLA
Methodology for Establishing and Enforcing SLA
1. Short title, extent, commencement and application.
Subsection (2) – It shall extend to the whole of India and, save as otherwise provided in this Act, it applies also to any offence or contravention thereunder committed outside India by any person.
75. Act to apply for offence or contravention committed outside India. -
(1) Subject to the provision of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality.
(2) For the purposes of sub-section (1), this Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting [...] located in India.
Indo-US Cyber Security Forum
Published Standards
• ISO/IEC 27000 — Information security management systems — Overview and vocabulary
• ISO/IEC 27001 — Information security management systems — Requirements
• ISO/IEC 27002 — Code of practice for information security management
• ISO/IEC 27003 — Information security management system implementation guidance
• ISO/IEC 27004 — Information security management — Measurement
• ISO/IEC 27005 — Information security risk management
• ISO/IEC 27006 — Requirements for bodies providing audit and certification of information security management systems
• ISO/IEC 27011 — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
• ISO/IEC 27031 — Guidelines for information and communications technology readiness for business continuity
• ISO/IEC 27033-1 — Network security overview and concepts
• ISO/IEC 27035 — Security incident management
• ISO 27799 — Information security management in health using ISO/IEC 27002
First serious attempt to harmonise international laws on cyberspace.

• Opened for signature – 23 Nov 2001
• Entry into force – 1 Jul 2004
• Ratified/Accession – 32 countries
• Signed but not yet ratified – 15 countries
• Major missing – Russia
• Even USA has recorded reservations
IT Security — Security techniques — Guidelines for identification, collection, acquisition, and preservation of digital evidence (DRAFT - new title)

Provides detailed guidance that describes the process for recognition and identification, collection and/or acquisition and preservation of digital data which may contain information of potential evidential value. This document includes physical and documentary activities deemed necessary in supporting inter-jurisdictional recognition of collected and/or acquired potential digital evidence.
Helping the European Commission, the Member States and the business community to address, respond to and especially to prevent Network and Information Security problems.

ENISA is a body of expertise, set up by the EU to carry out very specific technical and scientific tasks in the field of Information Security, working as a "European Community Agency".

Nov 20, 2009: published Cloud Computing Risk Assessment
CSA is a not-for-profit organization led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

Mission Statement: To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

Issued Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 in Dec 2010
Triangle to Square
Contact Details
Web : www.xcyss.in
E-mail : cmd@xcyss.com
Tele : +91-11-25128910
Mobile : +91- 9953286928
Blogs: http://cyber-crime-in-india.blogspot.com/
http://security-of-cyberspace.blogspot.com/
Reference List
Alcatel-Lucent 2010, Presentation at Securecloud 2010, Barcelona, viewed on 18 October 2010, <https://cloudsecurityalliance.org/sc2010.html>

Cloud Security Alliance 2009, Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, viewed on 18 October 2010, <https://cloudsecurityalliance.org/csaguide.pdf>

Saini, Mukesh (Commander, Retd.) 2011, Next Challenge for Governance - the Cloud Computing, Thinking Aloud, pp. 28-30, June 2011

Courtney, Martin 2011, Interview: Brian Gammage, Gartner, viewed on 18 October 2010, <http://www.computing.co.uk/ctg/interview/1930935/interview-brian-gammage-gartner>

Data Security Council of India 2010, Data Protection Challenges in Cloud Computing - an Indian Perspective, viewed on 18 October 2010, <http://www.dsci.in/sites/default/files/Data%20Protection%20Challenges%20in%20Cloud%20Computing.pdf>

European Network and Information Security Agency 2009, Cloud Computing Risk Assessment, viewed on 18 October 2010, <http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment>

Grance, Tim 2010, Cloud Computing Paradigm, Presentation at NIST on 16 March 2010

ISO 27001 Security 2011, ISO/IEC 27037, viewed on 18 October 2010, <http://www.iso27001security.com/html/27037.html>

Williams, James F. 2011, NASA's Nebula Cloud Computing Initiative, viewed on 18 October 2010, <http://fms.treas.gov/sfc/NASA%20Cloud%20Computing%20Agency%20Case%20Study%20Presentation.pdf>

Vance, Jeff 2010, 5 Cloud Computing Predictions for 2011, Datamation, viewed on 18 October 2010, <www.itmanagement.earthweb.com/feature/5-Cloud-Computing-Predictions-for-2011-3919196.htm>

Market Research Media 2009, U.S. Federal Cloud Computing Market Forecast 2010-2015, viewed on 18 October 2010, <www.marketresearchmedia.com/2009/05/20/us-fedral-cloud-computing-market-forecast-2010-2015/>

National Institute of Standards and Technology 2011, The NIST Definition of Cloud Computing (Draft), SP 800-145, viewed on 18 October 2010, <http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf>

Shanghai Security News 2011, The virtualization of a nation: cloud computing in China takes hold, Xinhuanet, viewed on 18 October 2010, <www.news.xinhuanet.com/english2010/china/2011-06/29/c_13956822.htm>

Khera, Vishal 2010, Planning for Cloud Implementation, Presentation at Securecloud 2010, Barcelona, viewed on 18 October 2010, <https://cloudsecurityalliance.org/sc2010.html>

Migrating To Cloud & Security @ FOBE 2011

  • 1.
  • 2. Disclaimer : Scope of this paper is limited to challenges to management for migration of Information Technology resources to the cloud computing environment. Intentionally technical issues have been avoided and only emerging corporate governance issues are highlighted, especially those which are lesser discussed but likely to have major impact on decision making by non- technocrat management
  • 3. Cloud Computing Market size Estimates US Federal Government - $26.1 Billion (CAGR 40%) by 2015. Worldwide - $148.8 billion by 2012 China has recently announced launching the project “Sea of Cloud” Chinese cloud computing market - 1 trillion Yuan ($154 Billion) in next few years.
  • 4. Cloud Computing Migration To Cloud will not be an option but a necessity Emerging Challenges for managers International efforts Planning Migration to Cloud Evolving Assurance Framework
  • 5.
  • 6. Ubiquitous Connectivity Virtualization Broadband Networking Web 2.0 Multi Tenancy Out Sourcing Utility Service Computing Oriented Clustering Architecture
  • 7. “ A model for enabling convenient, on- demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can rapidly provisioned and released with minimal management effort or service provider interaction”
  • 8.
  • 9.
  • 10.
  • 11. Massive Scale Resilient Computing Geographic Homogeneity Distribution Virtualization Service Orientation Low Cost Software Advanced Security
  • 12.
  • 13.
  • 14.
  • 15.
  • 16. Cloud Efficiencies and improvements Improved Cost Time Power Unlimited Improved process Efficiencies Efficiencies Efficiencies capacity Security control Standardized updated base Top quality Burst image security Capacity Procurement Near to products to generation production Centrally auditable log server Dynamic Short top quality use of duration security project capacity professionals Centralized authentication utilization Reduced system Any place overhead Cancelled connectivity power top quality or failed consumption Improved security mission forensics processes
  • 17. CAPEX to OPEX Capital Sunken cost Depreciation cost Expenditure on IT Actual usage cost Data Centre IT professionals Obsolescence cost running and costs maintainance costs
  • 18.
  • 19. Source: Federal Cloud Computing Strategy, by Vivek Kundra, US Chief Information Officer
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26. DSCI – WIPRO SURVEY
  • 27. Unlike money when data Solution gets stolen the owner may • Strong Identity Management not even know because • Rigid access control data can be just copied mechanisms and taken away while • Log Management original data stays unperturbed.
  • 28. Solution Own IT department may feel threatened and thus take • Third party should actions causing aversion to undertake migration migration to cloud. analysis • Strong and firm management • Must identify cost Decommissioning / moth reduction mechanism at balling released IT assets initial stage itself and retrenchment of IT staff
  • 29. Global nature of Internet can make life Solution easy for fly by night • Due diligence in operators selection of CSP • Industry Confederations have role to play CSP has entered in • International business to capture ombudsman required the opportunity but lacks seriousness
  • 30. Solution Organisational data may be • International Cooperation kept in several country • Bilateral/multi lateral causing jurisdictional and treaties law enforcement challenges • Coordination amongst LEAs across the globe.
  • 31. Law enforcement orders against one co-tenant can cause seizure Solution of other co-tenants data also • Policies, Procedures and Rules by government • Training and capacity building in police force/ Law enforcement will face serious Cyber Forensic challenges. A too strict a regime can Specialists/ Legal hurt the industry and CSPs may just fraternity move out the country, affecting revenue and security; while too comfortable zone may provide free play ground to cyber criminals
  • 32. The co- tenancy poses Solution new challenges such as • Continuous R&D data overflow, Side – • Log analysis by CSP as channel well as user (may be by attacks, reminiscent data third party) recovery, and other • Assurance framework technical and social and audit engineering attack
  • 33. Solution • Policy, procedures and rules to protect the CSPs are far more powerful comparative weak users than the Cloud users may cause (SMEs) skew in drafting and implementation of contracts • Formation of cloud users confederation / group • National and International ombudsman
  • 34. Auditor must Competent and understand cloud expert Auditor technology Auditor must Solution understand complex • Second party audit / governance and legal expert representing cloud issues affecting user migration to cloud • Should be included in SLA
  • 35.
  • 36. Methodology for Establishing and Enforcing SLA
  • 37.
  • 38.
  • 39.
  • 40. 1. Short title, extent, commencement and application. Subsection (2) – It shall extend to the whole of India and, save as otherwise provided in this Act, it applies also to any offence or contravention thereunder committed outside India by any person.
  • 41. 75. Act to apply for offence or contravention committed outside India. - (1) Subject to the provision of sub- (2) For the purposes of sub- section (2), the provisions of this section(1), this act shall apply to Act shall apply also to any offence an offence or contravention or contravention committed committed outside India by any outside India by any person person if the act or conduct irrespective of his nationality. constituting located in India.
  • 43. Published Standards • ISO/IEC 27000 — Information security management systems — Overview and vocabulary • ISO/IEC 27001 — Information security management systems — Requirements • ISO/IEC 27002 — Code of practice for information security management • ISO/IEC 27003 — Information security management system implementation guidance • ISO/IEC 27004 — Information security management — Measurement • ISO/IEC 27005 — Information security risk management • ISO/IEC 27006 — Requirements for bodies providing audit and certification of information security management systems • ISO/IEC 27011 — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 • ISO/IEC 27031 — Guidelines for information and communications technology readiness for business continuity • ISO/IEC 27033-1 — Network security overview and concepts • ISO/IEC 27035 — Security incident management • ISO 27799 — Information security management in health using ISO/IEC 27002
  • 44. Council of Europe Convention on Cybercrime (Budapest Convention): the first serious attempt to harmonise international laws on cyberspace.
  Opened for signature – 23 Nov 2001
  Entry into force – 1 Jul 2004
  Ratified/acceded – 32 countries
  Signed but not yet ratified – 15 countries
  Major missing – Russia. Even the USA has recorded reservations.
  • 45. ISO/IEC 27037 — Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence (DRAFT, new title). Provides detailed guidance describing the process for recognition and identification, collection and/or acquisition, and preservation of digital data which may contain information of potential evidential value. The document includes the physical and documentary activities deemed necessary to support inter-jurisdictional recognition of collected and/or acquired potential digital evidence.
  • 46. ENISA (European Network and Information Security Agency) helps the European Commission, the Member States and the business community to address, respond to and, especially, to prevent network and information security problems. ENISA is a body of expertise set up by the EU to carry out very specific technical and scientific tasks in the field of information security, working as a "European Community Agency". On 20 Nov 2009 it published the Cloud Computing Risk Assessment.
  • 47. The CSA (Cloud Security Alliance) is a not-for-profit organization led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. Mission statement: to promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing. Issued Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 in Dec 2009.
  • 52. Contact Details
  Web: www.xcyss.in
  E-mail: cmd@xcyss.com
  Tele: +91-11-25128910
  Mobile: +91-9953286928
  Blogs: http://cyber-crime-in-india.blogspot.com/ , http://security-of-cyberspace.blogspot.com/
  • 53. Reference List
  Alcatel-Lucent 2010, Presentation at SecureCloud 2010, Barcelona, viewed on 18th October, 2010, <https://cloudsecurityalliance.org/sc2010.html>
  Cloud Security Alliance 2009, Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, viewed on 18th October, 2010, <https://cloudsecurityalliance.org/csaguide.pdf>
  Commander Mukesh Saini (Retd.) 2011, Next Challenge for Governance - the Cloud Computing, Thinking Aloud, pp. 28-30, June 2011
  Courtney, Martin 2011, Interview: Brian Gammage, Gartner, viewed on 18th October, 2010, <http://www.computing.co.uk/ctg/interview/1930935/interview-brian-gammage-gartner>
  Data Security Council of India 2010, Data Protection Challenges in Cloud Computing - an Indian Perspective, viewed on 18th October, 2010, <http://www.dsci.in/sites/default/files/Data%20Protection%20Challenges%20in%20Cloud%20Computing.pdf>
  European Network and Information Security Agency 2009, Cloud Computing Risk Assessment, viewed on 18th October, 2010, <http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment>
  Grance, Tim 2010, Cloud Computing Paradigm, presentation at NIST on 16 March 2010
  ISO 27001 Security 2011, ISO/IEC 27037, viewed on 18th October, 2010, <http://www.iso27001security.com/html/27037.html>
  Williams, James F. 2011, NASA's Nebula Cloud Computing Initiative, viewed on 18th October, 2010, <http://fms.treas.gov/sfc/NASA%20Cloud%20Computing%20Agency%20Case%20Study%20Presentation.pdf>
  Vance, Jeff 2010, 5 Cloud Computing Predictions for 2011, Datamation, viewed on 18th October, 2010, <www.itmanagement.earthweb.com/feature/5-Cloud-Computing-Predictions-for-2011-3919196.htm>
  Market Research Media 2009, U.S. Federal Cloud Computing Market Forecast 2010-2015, viewed on 18th October, 2010, <www.marketresearchmedia.com/2009/05/20/us-fedral-cloud-computing-market-forecast-2010-2015/>
  National Institute of Standards and Technology 2011, The NIST Definition of Cloud Computing (Draft), SP 800-145, viewed on 18th October, 2010, <http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf>
  Shanghai Security News 2011, The Virtualization of a Nation: Cloud Computing in China Takes Hold, Xinhuanet, viewed on 18th October, 2010, <www.news.xinhuanet.com/english2010/china/2011-06/29/c_13956822.htm>
  Khera, Vishal 2010, Planning for Cloud Implementation, presentation at SecureCloud 2010, Barcelona, viewed on 18th October, 2010, <https://cloudsecurityalliance.org/sc2010.html>

Editor's Notes

  1. Cloud computing ('cloud') is an evolving term that describes the development of many existing technologies and approaches to computing into something different. Cloud separates application and information resources from the underlying infrastructure and the mechanisms used to deliver them.
  2. Essential Characteristics of Cloud Computing. Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditional computing approaches:
  • On-demand self-service. A consumer can unilaterally provision computing capabilities such as server time and network storage as needed, automatically, without requiring human interaction with a service provider.
  • Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops and PDAs) as well as other traditional or cloud-based software services.
  • Resource pooling. The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a degree of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources, but may be able to specify location at a higher level of abstraction (e.g., country, state or datacenter). Examples of resources include storage, processing, memory, network bandwidth and virtual machines. Even private clouds tend to pool resources between different parts of the same organization.
  • Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out, and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
  • Measured service. Cloud systems automatically control and optimize resource usage by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth or active user accounts). Resource usage can be monitored, controlled and reported, providing transparency for both the provider and the consumer of the service.
  It is important to recognize that cloud services are often, but not always, utilized in conjunction with, and enabled by, virtualization technologies. There is no requirement, however, that ties the abstraction of resources to virtualization technologies, and in many offerings virtualization by hypervisor or operating system container is not utilized. Further, it should be noted that multi-tenancy is not called out as an essential cloud characteristic by NIST but is often discussed as such. Please refer to the section on multi-tenancy featured after the cloud deployment model description for further details.
  4. Westpac has a long and proud history as Australia's first and oldest bank. It was established in 1817 as the Bank of New South Wales.