Hey Enterprise! I’ve got my OWN Cloud!

Hey Enterprise! I’ve got my OWN Cloud! IAPP 2010 Privacy Academy. Wayne Pauley, EMC Corporation. It Should be Easy, So What is Cloud? Characteristics. On Demand & Self-Service Broad Network Access Resource Pooling Rapid Elasticity Measured Service. Service Models.

Presentation Transcript


  1. Hey Enterprise! I’ve got my OWN Cloud! IAPP 2010 Privacy Academy. Wayne Pauley, EMC Corporation

  2. It Should be Easy, So What is Cloud?
     Characteristics • On Demand & Self-Service • Broad Network Access • Resource Pooling • Rapid Elasticity • Measured Service
     Service Models • Software as a Service (SaaS) • Platform as a Service (PaaS) • Infrastructure as a Service (IaaS)
     Deployment Models • Private Cloud • Public Cloud • Hybrid Cloud • Community Cloud
     Reference: NIST Definition

  3. Cloud Vendor Taxonomy Reference: OpenCrowd

  4. Cloud Security & Compliance Reference: Cloud Security Alliance

  5. Segmentation – by Business Size
     SOHO/Startup, SMB, Enterprise, Consumer
     • Public Cloud • Convenience Outweighs Risk • Low Cost or Free • Email, eCommerce, Social Nets, Gaming
     • Hybrid Cloud • Risk Averse on Tier 1 Apps • SaaS: Salesforce, NetSuite • Tier 2-4: Non OLTP/ATOM Apps • Infra Apps: Cloud as Target for Backup, Archive, or Security
     • Public Cloud • Convenience Outweighs Risk • CAPEX VS OPEX • Self-Service • Back Office, Development, & Production
     • Private & Hybrid Cloud • Tier 1 Licensing, Support, Risk • Tier 2-4 Private Cloud • Hybrid • Infra Apps: Cloud as Target • Websites, Portals, Grid • Test/Dev – Scale, R&D • SaaS Salesforce, SAP, Oracle, MS

  6. Segmentation – by Vertical
     Financial Services, Education, HealthCare, Government
     • Public Cloud / Hybrid Cloud • Government HITECH Incentives • Access to Big Compute Power • Data Repositories, Data Mining • MS Health, Google Health, etc. • Consumer apps, Rx, EHR, Monitoring and Alerting Systems
     • Private Cloud • Regulators watching, not yet approving • Location of data, sharing resources at issue • Extend private cloud to SP’s • Interested in cost reduction and burst scale
     • Public Cloud • Public Information (low risk) • Scale & Cost • OpenStack, FISMA Qualified • USA.gov, Google Gov
     • Public Cloud • Availability, Scale, Maintenance • Online Courses & Labs • Email, Docs/Collaboration, Research • Blackboard, eCollege, Google Apps, MS Azure

  7. Impact on Privacy • Regulations • Multi-tenancy / Shared Resources • Data Location(s) • Transitivity • Backup/Recovery • SAS 70, PCI, and HIPAA Certifications • Mitigation of Exposure • Audit/Assessment Requirements • Evidentiary Requirements • Background Checks • Standards • CSA, ENISA, CloudAudit, SharedAssessments

  8. Example Evaluation Model • Security & Privacy Scorecard • 4 Domains to Assess • Security • Privacy • Auditability • Service Levels Reference: Cloud Provider Transparency, IEEE Security & Privacy

  9. Transformations From This To This • & To This From This

  10. References
     • Cloud Provider Transparency: An Empirical Evaluation. (2010) Wayne Pauley, IEEE Security & Privacy (in press)
     • Cloud Security Alliance – www.cloudsecurityalliance.org
     • NIST – http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc
     • OpenCrowd – http://cloudtaxonomy.opencrowd.com/
