1. InCloud WeTrust Not so fast! “I’m Cloud Confused” series

2. If you’re new to Cloud Computing, or just confused… Please try http://www.slideshare.net/Guppers/im-cloud-confused

3. the biggest Cloud Computing concerns are… Security Privacy

4. Fundamental Question Is Cloud Computing security weaker than EnterpriseSecurity?

5. a Typical Reaction when asks about security SHA256 X.509 Salt AES PKCS IV DES

6. the street Security is…. Boring Heard it on Complex Hacker stuff Kills usability Necessary Evil Complicates my life

7. Let’s make it simple Child Play

8. Let’s pick a simple story You worked hard this year, you bought a pile of gold bars

9. Where should you storethem? House? Bank? Your House Your Bank

10. What does this thief think? …

11. Plenty of valuableassets, but it may have elaborate securityprotection in place Bank

12. Some valuableassets, security protection may not as elaborate House

13. What would you do to boost your protection?

14. Yes, build layers of defense

15. Put the fenceup Put

16. Install additional door locks

17. Let’s also install alarmsystem and surveillancecameras

18. Feel Better?

19. Oh, don’t forget about adisasterplan

20. Knock, knock Who’s there?

21. You control who hasaccessto your house

22. And, pretty sure yourinner circle won’t steal from you

23. Let’s translate… Corporate Data IT Assets(Software, Hardware) Employees

24. You feel totally in control

25. Whyin the world you would give up control?

26. ..and many eyes aim at big prizes

27. when delegating security to other… a few things to consider….

28. It’s all about It’s all about Trust Trust

29. Do you trust them that they’ll still be in the business tomorrow? Help! Ex-Cloud Provider will work for Food

30. Didn’t we see this before?

31. Recommendation Pick servicesthat are backed by major players

32. Data Lost It is unlikely. Reputable Cloud Providers copy data 3-4 times

33. However, it is normal to store highly value-able datain two or more different cloud providers Data Service replicated replicated Cloud Provider 1 Cloud Provider 2

34. Data Privacy Confidentiality

35. Data in Transit data Internet Cloud Provider It can be secured using encryption technology, e.g. SSL It is used especially for sensitive data

36. Data at Rest Cloud Provider Biggest prize for attackers! More and more cloud providers are developing nativedata encryption Even if it is stolen, it will be useless for attackers

37. You can pick whereyour data resides

38. Physical Access Cloud Provider Data Center

39. Security processes are typically in place for physical access Background Check Two factor authentication Intrusion detection system Audit Video surveillance

40. Multi tenant Infrastructure Corporate 4 Corporate 3 Corporate 2 Corporate 1 …infrastructure is shared by many corporations (tenant)

41. Will vulnerabilityin one company affect others in the cloud?

42. Cloud Providers use isolationtechniques Data Isolation Virtualization Computing Isolation a vulnerability in one tenant has little impact on other tenants

43. Identity

44. Unwanted guest Employees Cloud Computing Suppliers Customers

45. Potential External Entry Points Web SiteHTTP(S) Database Queue Web ServicesHTTP(S) Custom Blob(Files, Docs) Worker VM XYZCorp.com

46. Typical access to a web site hosted in the Cloud

47. Example of astronger authentication process for sensitive web site A8KP

48. Accessing other Cloud Services (Example) Address https://aservice.mycloudprov.net Key2 Key1 R3ZhU3xAmLIEAnRRyiMHx… xFAlNx4VeRDGQgSQI…

49. Control which networkor machineshave access 98.237.178.63 83.231.32.17

50. Let’s look at from cloud infrastructure provider’s perspectives

51. TypicalSLAs to compete around 99.95 % uptime

52. It is in their best interest to maintain reputation, best security practice their business depends on it

53. Headlines they try hard to avoid Data is stolen from …. …. has been down since yesterday Security breach at data center….

54. Should you migrate all to Cloud?

55. NO Cloud Computing is still at infancy

56. Trust is Always Earned, NeverGiven ---R. Williams

57. Migrate non-critical business operations, departmental level data first and Observe! Enterprise

58. It’s not as difficultas you think simplicity, agility and elasticity (another topic for further discussion)

59. Excited about new possibilities in cloudspace?

60. Follow discussions and presentations on facebook “I’m Cloud Confused” http://www.facebook.com/pages/Im-Cloud-Confused/219897591208?ref=ts

61. You Us 10simple questions,2minutes to completehttp://surveymonkey.com/s.aspx?sm=NrndNTZkoG6j8BWJYejC1g_3d_3d Will Publish Results on facebook

62. Want to try Cloudfor your business now ? Only a few minutes to setup http://www.slideshare.net/Guppers/guppers-3-minute-walkthrough

63. For more presentations like this, visit, follow, subscribe to: Blog: http://www.andyharjanto.com Twitter: http://twitter.com/harjanto Contact: andy@guppers.com