Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
Are there risks in the Cloud?
• Dion Kotteman
• Executive Advisor Ministry of Finance• Former CIO Dutch Central Government
• Rotterdam, 29th of September 2015
1
Cloud telephony
Dion Kotteman
Introduction
Dion Kotteman Security and Cloud Computing
2
• Member of the Steering Board of the European Cloud Partnership
• Former CIO of the Dutch Government
• Author of management books
Dion Kotteman Security and Cloud Computing
Content• - The Euopean view• - What is it and what sort of risks are we talking about?• - What risks are in the hearts and minds? The psychology.• - A Dutch example
The Cloud in Europe• Steering board of the European Cloud Partnership (EU)
• For citizens, public administrations and businesses• “4 million jobs by 2020”• Goal, amongst others : better security!• Through the Trusted Cloud Europe Framework• To digital leadership• A new paradigm is SHARING: e.g. scientific research by sharing
data through the cloud, and multiplying the relevance.
Dion Kotteman Security and Cloud Computing
Reasons for Cloud Computing• Cloud as an enabler for economic growth• Like for SME’s (small businesses) get cheap access to high
performance IT solutions• Reduce capital spending: pay for what you use• And (!) security.
Dion Kotteman Security and Cloud Computing
The Dutch Cloud Strategy ->
What is it?
• Cloud = delivering IT Services from linked computers, without identifying them technically.
• That means:• A full service delivery concept • Pay-per use (makes it cheaper)• Quick time to market (easy scalability)• Virtualisation techniques, distinguishable layers of infrastructure,
platform and software as a service, The technoloy has to be perfect: high availability and highly reliable
• It is disruptive technology, and here to stay• Some call it the Third Industrial Revolution
Dion Kotteman Security and Cloud Computing
Related• Big Data• Internet of Things• Disruptive technology• It won’t go away, so be prepared• Patriot Act
Dion Kotteman Security and Cloud Computing
Riscs• The cloud comprises riscs³:• Elements:
1. computer2. network3. information
•. Due to virtualisation this is integrated and tripled!•. The user fully relies on the provider, but through scale he can be
more professional than you on your own.
Dion Kotteman Security and Cloud Computing
B
ITIT
ITBB
Business – IT alignement
Dion Kotteman Security and Cloud Computing
Security developments• Compare the car industry: trial and error
Dion Kotteman Security and Cloud Computing
Cloud is also psychology!• A perceived vulnurability of data in the cloud (report steering
board)So: • How safe is your present datacentre? • What is the pre-cloud security policy?• Do your employees send data home, and how?• The feeling: where are my data?• Are your data mixed up with other data?
Dion Kotteman Security and Cloud Computing
Dutch Example• Coupling datacentres• Using existing datanetworks, Patchwork approach.• Security as a high priority• Reducing costs• Low project costs
Dion Kotteman Security and Cloud Computing
From 64 to 4 datacentres• Central governments four new data centres and network
connectivity together form the foundation of the Central Government Cloud
Dion Kotteman Security and Cloud Computing
Integrating existing programmes into the Cloud
1.Changing 64 datacentres to 42.The path is gradual: ->housing, -hosting, rationalisation. IAAS as a
first move. A psychological approach3.Infra structure upgrade
•. The “cloud” is the backbone + points of presence, growing.
Dion Kotteman Security and Cloud Computing
LEGACY and specific
CLOUDSPECIFIC
CLOUD GENERIC
Central Governemental
Cloud
Strategy per segment, enabling gradual growth.
Dion Kotteman Security and Cloud Computing
Measures• IAM must be organised as a pre condition• Physical security must be up to date (by taking advantage of the
scale)• Personnel security• Masking privacy data• Data recovery• Audit trails• Compliance
• But: fairly straight forward!
Dion Kotteman Security and Cloud Computing
Dion Kotteman Security and Cloud Computing